Posts posted by Ghostshell

  1. C:\Program Files (x86)\Windows Movie Maker\toolbar\solidyoutube-hybrid.exe Win32/Somoto application

    C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\4158.tmp.vir Win64/Olmarik.AH trojan

    C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\692D.tmp.vir Win64/Olmarik.AH trojan

    C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\C2B3.tmp.vir Win64/Olmarik.AH trojan

    C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\EBFB.tmp.vir Win64/Olmarik.AH trojan

    C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\EBFC.tmp.vir Win64/Olmarik.AH trojan

    C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan

    C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.W trojan

    C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.A.Gen trojan

    C:\TDSSKiller_Quarantine\10.08.2012_13.47.03\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan

    C:\TDSSKiller_Quarantine\10.08.2012_13.47.03\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan

    C:\TDSSKiller_Quarantine\10.08.2012_13.47.03\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan

    C:\TDSSKiller_Quarantine\10.08.2012_13.47.03\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan

    C:\TDSSKiller_Quarantine\10.08.2012_13.47.03\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NP trojan

    C:\TDSSKiller_Quarantine\10.08.2012_13.47.03\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan

    C:\TDSSKiller_Quarantine\10.08.2012_13.47.03\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan

    C:\TDSSKiller_Quarantine\10.08.2012_13.47.03\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan

    C:\TDSSKiller_Quarantine\10.08.2012_14.06.15\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan

    C:\TDSSKiller_Quarantine\10.08.2012_14.06.15\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan

    C:\TDSSKiller_Quarantine\10.08.2012_14.06.15\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan

    C:\TDSSKiller_Quarantine\10.08.2012_14.06.15\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan

    C:\TDSSKiller_Quarantine\10.08.2012_14.06.15\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NP trojan

    C:\TDSSKiller_Quarantine\10.08.2012_14.06.15\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan

    C:\TDSSKiller_Quarantine\10.08.2012_14.06.15\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan

    C:\TDSSKiller_Quarantine\10.08.2012_14.06.15\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan

    C:\TDSSKiller_Quarantine\17.07.2012_21.20.11\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan

    C:\TDSSKiller_Quarantine\17.07.2012_21.20.11\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan

    C:\TDSSKiller_Quarantine\17.07.2012_21.20.11\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan

    C:\TDSSKiller_Quarantine\17.07.2012_21.20.11\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan

    C:\TDSSKiller_Quarantine\17.07.2012_21.20.11\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NH trojan

    C:\TDSSKiller_Quarantine\17.07.2012_21.20.11\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan

    C:\TDSSKiller_Quarantine\17.07.2012_21.20.11\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan

    C:\TDSSKiller_Quarantine\17.07.2012_21.20.11\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan

    C:\TDSSKiller_Quarantine\18.07.2012_22.07.08\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan

    C:\TDSSKiller_Quarantine\18.07.2012_22.07.08\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan

    C:\TDSSKiller_Quarantine\18.07.2012_22.07.08\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan

    C:\TDSSKiller_Quarantine\18.07.2012_22.07.08\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan

    C:\TDSSKiller_Quarantine\18.07.2012_22.07.08\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NH trojan

    C:\TDSSKiller_Quarantine\18.07.2012_22.07.08\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan

    C:\TDSSKiller_Quarantine\18.07.2012_22.07.08\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan

    C:\TDSSKiller_Quarantine\18.07.2012_22.07.08\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan

    C:\TDSSKiller_Quarantine\18.07.2012_22.07.08\mbr0000\tdlfs0000\tsk0014.dta Win32/Olmarik.AYI trojan

    C:\Users\Ghostshell\AppData\Local\Google\Chrome\User Data\Default\Default\aadfdagbdfdaggdhggdagcdadedfgege\background.html Win32/BHO.OEI trojan

    C:\Users\Ghostshell\AppData\Local\Google\Chrome\User Data\Default\Default\aadfdagbdfdaggdhggdagcdadedfgege\ContentScript.js Win32/BHO.OEI trojan

    C:\Users\Ghostshell\Downloads\ezlookerA.exe multiple threats

    C:\Users\Ghostshell\Downloads\winamp5623_full_emusic-7plus_en-us.exe Win32/OpenCandy application

    C:\Users\Ghostshell\Downloads\windows-movie-maker.exe Win32/Somoto application

    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N7XUDLNV\cat-and-dolphin-playing-together[1].txt HTML/ScrInject.B.Gen virus

    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N7XUDLNV\cat-and-dolphin-playing-together[2].txt HTML/ScrInject.B.Gen virus

    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1C2MJ9I\cat-and-dolphin-playing-together[1].txt HTML/ScrInject.B.Gen virus

    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N7XUDLNV\cat-and-dolphin-playing-together[1].txt HTML/ScrInject.B.Gen virus

    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N7XUDLNV\cat-and-dolphin-playing-together[2].txt HTML/ScrInject.B.Gen virus

    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1C2MJ9I\cat-and-dolphin-playing-together[1].txt HTML/ScrInject.B.Gen virus

  2. computer is running great :)

    Malwarebytes Anti-Malware 1.65.1.1000

    www.malwarebytes.org

    Database version: v2012.11.20.08

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 8.0.7601.17514

    Ghostshell :: GHOSTSHELL-PC [administrator]

    11/22/2012 12:48:08 AM

    mbam-log-2012-11-22 (00-48-08).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 259984

    Time elapsed: 2 minute(s), 42 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    ==========================================

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 12:46:22 AM, on 11/22/2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v8.00 (8.00.7601.17514)

    Boot mode: Normal

    Running processes:

    C:\Program Files\Alienware\Command Center\AlienFusionController.exe

    C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe

    C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe

    C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Ghostshell\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: SSOIEAddonBHO - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll

    O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

    O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

    O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKCU\..\Run: [LolMatches Client] C:\Program Files (x86)\LolMatches\LolMatches Client.exe

    O4 - Global Startup: Stardock MyColors.lnk = C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}: NameServer = 208.62.222.222,208.67.220.220

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: FAService - Sensible Vision - C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: HappyOSD - Unknown owner - C:\Program Files (x86)\OSD\OSD_Service.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe

    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe

    O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 8732 bytes

  3. No problems, computer is still running great as of the last post from what I can tell, no more redirects or slowdowns.

    ComboFix 12-11-21.01 - Ghostshell 11/22/2012 0:18.4.8 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8181.6487 [GMT -8:00]

    Running from: c:\users\Ghostshell\Desktop\ComboFix.exe

    Command switches used :: c:\users\Ghostshell\Desktop\CFScript.txt

    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Created a new restore point

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-10-22 to 2012-11-22 )))))))))))))))))))))))))))))))

    .

    .

    2012-11-22 08:25 . 2012-11-22 08:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

    2012-11-22 08:25 . 2012-11-22 08:25 -------- d-----w- c:\users\UpdatusUser.Ghostshell-PC\AppData\Local\temp

    2012-11-22 08:25 . 2012-11-22 08:25 -------- d-----w- c:\users\Public\AppData\Local\temp

    2012-11-22 08:25 . 2012-11-22 08:25 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-11-22 07:33 . 2012-11-22 07:33 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2BB0E9F-C983-4F15-9FC3-7A6B4009D88B}\offreg.dll

    2012-11-22 06:51 . 2012-11-22 06:51 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

    2012-11-20 05:16 . 2012-11-20 05:16 -------- d-----w- c:\users\Ghostshell\AppData\Roaming\Notepad++

    2012-11-20 05:16 . 2012-11-20 05:16 -------- d-----w- c:\program files (x86)\Notepad++

    2012-11-10 17:11 . 2012-11-10 17:11 -------- d-----w- c:\users\Ghostshell\AppData\Roaming\Moxzbot

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-09-30 02:54 . 2011-09-02 01:05 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-09-03 03:29 . 2012-09-03 03:29 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2012-09-03 03:29 . 2011-12-01 02:26 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2012-08-27 01:44 . 2012-08-01 18:18 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-08-27 01:44 . 2012-08-01 18:18 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}]

    2012-06-17 13:07 488832 ----a-w- c:\program files (x86)\Coupon Companion\Coupon Companion.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 94208 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 94208 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 94208 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "LolMatches Client"="c:\program files (x86)\LolMatches\LolMatches Client.exe" [2012-04-05 1149952]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]

    "YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-02-25 136488]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-20 2254768]

    "FAStartup"="" [bU]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Stardock MyColors.lnk - c:\program files (x86)\Stardock\MyColors\SDDelayedLaunch.exe [2009-12-15 11520]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

    2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Notification Packages REG_MULTI_SZ scecli FAPassSync

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    @=""

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 HappyOSD;HappyOSD;c:\program files (x86)\OSD\OSD_Service.exe [2010-01-04 16384]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]

    R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 12672]

    R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]

    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-01 1255736]

    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]

    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]

    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2009-03-03 89600]

    S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]

    S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]

    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-20 2462128]

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

    S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-02 20984]

    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]

    S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-06-22 273072]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - 24751917

    *NewlyCreated* - ASWMBR

    *Deregistered* - 24751917

    *Deregistered* - aswMBR

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]

    "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]

    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-09-16 487424]

    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://google.com/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    TCP: DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}: NameServer = 208.62.222.222,208.67.220.220

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\1435F524F6162746F525F6F6D6: NameServer = 208.62.222.222,208.67.220.220

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\16474777966696: NameServer = 208.62.222.222,208.67.220.220

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\2375942554430343: NameServer = 208.62.222.222,208.67.220.220

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\E45445745414258373: NameServer = 208.62.222.222,208.67.220.220

    FF - ProfilePath - c:\users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\

    FF - prefs.js: browser.startup.homepage - about:home

    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=

    FF - ExtSQL: 2012-09-27 00:34; crossriderapp4493@crossrider.com; c:\users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\extensions\crossriderapp4493@crossrider.com

    .

    - - - - ORPHANS REMOVED - - - -

    .

    AddRemove-vfd-ob - c:\program files (x86)\OApps\vfd-ob_uninstall.exe

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\ñ*4%%d"*²*Æ!#H*K*X%]

    "Successes"=dword:e0000000

    "Failures"=dword:e0000001

    "{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}"=hex:00,18,f8,7c,33,3b

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2012-11-22 00:28:31

    ComboFix-quarantined-files.txt 2012-11-22 08:28

    .

    Pre-Run: 68,312,518,656 bytes free

    Post-Run: 68,099,395,584 bytes free

    .

    - - End Of File - - 7FC9CDA1FAB4CBB8CB7108FDFA38C3DE

  4. 23:59:10.0103 3424 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

    23:59:10.0550 3424 ============================================================

    23:59:10.0550 3424 Current date / time: 2012/11/21 23:59:10.0550

    23:59:10.0550 3424 SystemInfo:

    23:59:10.0550 3424

    23:59:10.0551 3424 OS Version: 6.1.7601 ServicePack: 1.0

    23:59:10.0551 3424 Product type: Workstation

    23:59:10.0551 3424 ComputerName: GHOSTSHELL-PC

    23:59:10.0551 3424 UserName: Ghostshell

    23:59:10.0551 3424 Windows directory: C:\Windows

    23:59:10.0551 3424 System windows directory: C:\Windows

    23:59:10.0551 3424 Running under WOW64

    23:59:10.0551 3424 Processor architecture: Intel x64

    23:59:10.0551 3424 Number of processors: 8

    23:59:10.0551 3424 Page size: 0x1000

    23:59:10.0551 3424 Boot type: Normal boot

    23:59:10.0551 3424 ============================================================

    23:59:12.0059 3424 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    23:59:12.0068 3424 ============================================================

    23:59:12.0068 3424 \Device\Harddisk0\DR0:

    23:59:12.0068 3424 MBR partitions:

    23:59:12.0069 3424 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

    23:59:12.0069 3424 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800

    23:59:12.0069 3424 ============================================================

    23:59:12.0094 3424 C: <-> \Device\Harddisk0\DR0\Partition2

    23:59:12.0094 3424 ============================================================

    23:59:12.0094 3424 Initialize success

    23:59:12.0094 3424 ============================================================

    23:59:28.0229 5976 ============================================================

    23:59:28.0229 5976 Scan started

    23:59:28.0229 5976 Mode: Manual;

    23:59:28.0229 5976 ============================================================

    23:59:29.0107 5976 ================ Scan system memory ========================

    23:59:29.0107 5976 System memory - ok

    23:59:29.0107 5976 ================ Scan services =============================

    23:59:29.0443 5976 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

    23:59:29.0447 5976 1394ohci - ok

    23:59:29.0479 5976 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

    23:59:29.0484 5976 ACPI - ok

    23:59:29.0500 5976 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

    23:59:29.0502 5976 AcpiPmi - ok

    23:59:29.0639 5976 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    23:59:29.0640 5976 AdobeARMservice - ok

    23:59:29.0690 5976 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

    23:59:29.0697 5976 adp94xx - ok

    23:59:29.0740 5976 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

    23:59:29.0745 5976 adpahci - ok

    23:59:29.0758 5976 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

    23:59:29.0761 5976 adpu320 - ok

    23:59:29.0795 5976 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

    23:59:29.0797 5976 AeLookupSvc - ok

    23:59:29.0938 5976 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe

    23:59:29.0939 5976 AESTFilters - ok

    23:59:29.0996 5976 [ D5B031C308A409A0A576BFF4CF083D30 ] AFD C:\Windows\system32\drivers\afd.sys

    23:59:30.0002 5976 AFD - ok

    23:59:30.0030 5976 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

    23:59:30.0032 5976 agp440 - ok

    23:59:30.0048 5976 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

    23:59:30.0050 5976 ALG - ok

    23:59:30.0151 5976 [ A99E57669390F265D25288C8BA042D78 ] AlienFusionService C:\Program Files\Alienware\Command Center\AlienFusionService.exe

    23:59:30.0152 5976 AlienFusionService - ok

    23:59:30.0183 5976 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

    23:59:30.0184 5976 aliide - ok

    23:59:30.0193 5976 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

    23:59:30.0195 5976 amdide - ok

    23:59:30.0234 5976 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

    23:59:30.0236 5976 AmdK8 - ok

    23:59:30.0239 5976 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

    23:59:30.0241 5976 AmdPPM - ok

    23:59:30.0273 5976 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys

    23:59:30.0275 5976 amdsata - ok

    23:59:30.0297 5976 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

    23:59:30.0300 5976 amdsbs - ok

    23:59:30.0315 5976 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys

    23:59:30.0315 5976 amdxata - ok

    23:59:30.0379 5976 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

    23:59:30.0381 5976 AppID - ok

    23:59:30.0396 5976 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

    23:59:30.0398 5976 AppIDSvc - ok

    23:59:30.0441 5976 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

    23:59:30.0443 5976 Appinfo - ok

    23:59:30.0542 5976 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    23:59:30.0544 5976 Apple Mobile Device - ok

    23:59:30.0583 5976 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

    23:59:30.0585 5976 arc - ok

    23:59:30.0600 5976 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

    23:59:30.0602 5976 arcsas - ok

    23:59:30.0802 5976 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    23:59:30.0803 5976 aspnet_state - ok

    23:59:30.0818 5976 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

    23:59:30.0820 5976 AsyncMac - ok

    23:59:30.0841 5976 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

    23:59:30.0842 5976 atapi - ok

    23:59:30.0897 5976 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

    23:59:30.0914 5976 AudioEndpointBuilder - ok

    23:59:30.0934 5976 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

    23:59:30.0937 5976 AudioSrv - ok

    23:59:30.0967 5976 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

    23:59:30.0969 5976 AxInstSV - ok

    23:59:31.0000 5976 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

    23:59:31.0007 5976 b06bdrv - ok

    23:59:31.0050 5976 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

    23:59:31.0054 5976 b57nd60a - ok

    23:59:31.0102 5976 [ AC4E2D84DE54CD3A013AEFF0CC56095C ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys

    23:59:31.0103 5976 BCM42RLY - ok

    23:59:31.0158 5976 [ 8B5D16D20774FC3727F44E161BE2C0AC ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys

    23:59:31.0171 5976 BCM43XX - ok

    23:59:31.0225 5976 [ D224B2E6BB543F1D8F1177D57FEC2950 ] BcmVWL C:\Windows\system32\DRIVERS\bcmvwl64.sys

    23:59:31.0225 5976 BcmVWL - ok

    23:59:31.0250 5976 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

    23:59:31.0252 5976 BDESVC - ok

    23:59:31.0259 5976 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

    23:59:31.0261 5976 Beep - ok

    23:59:31.0334 5976 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

    23:59:31.0342 5976 BFE - ok

    23:59:31.0427 5976 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

    23:59:31.0446 5976 BITS - ok

    23:59:31.0473 5976 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

    23:59:31.0476 5976 blbdrive - ok

    23:59:31.0536 5976 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

    23:59:31.0542 5976 Bonjour Service - ok

    23:59:31.0578 5976 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

    23:59:31.0581 5976 bowser - ok

    23:59:31.0611 5976 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

    23:59:31.0613 5976 BrFiltLo - ok

    23:59:31.0624 5976 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

    23:59:31.0625 5976 BrFiltUp - ok

    23:59:31.0638 5976 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

    23:59:31.0640 5976 BridgeMP - ok

    23:59:31.0672 5976 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll

    23:59:31.0675 5976 Browser - ok

    23:59:31.0696 5976 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

    23:59:31.0700 5976 Brserid - ok

    23:59:31.0711 5976 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

    23:59:31.0713 5976 BrSerWdm - ok

    23:59:31.0727 5976 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

    23:59:31.0728 5976 BrUsbMdm - ok

    23:59:31.0739 5976 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

    23:59:31.0741 5976 BrUsbSer - ok

    23:59:31.0763 5976 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

    23:59:31.0765 5976 BTHMODEM - ok

    23:59:31.0788 5976 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

    23:59:31.0791 5976 bthserv - ok

    23:59:31.0794 5976 catchme - ok

    23:59:31.0818 5976 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

    23:59:31.0820 5976 cdfs - ok

    23:59:31.0852 5976 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys

    23:59:31.0856 5976 cdrom - ok

    23:59:31.0900 5976 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

    23:59:31.0902 5976 CertPropSvc - ok

    23:59:31.0931 5976 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

    23:59:31.0933 5976 circlass - ok

    23:59:31.0959 5976 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

    23:59:31.0965 5976 CLFS - ok

    23:59:32.0119 5976 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    23:59:32.0122 5976 clr_optimization_v2.0.50727_32 - ok

    23:59:32.0163 5976 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

    23:59:32.0165 5976 clr_optimization_v2.0.50727_64 - ok

    23:59:32.0256 5976 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    23:59:32.0258 5976 clr_optimization_v4.0.30319_32 - ok

    23:59:32.0269 5976 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    23:59:32.0272 5976 clr_optimization_v4.0.30319_64 - ok

    23:59:32.0333 5976 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys

    23:59:32.0333 5976 clwvd - ok

    23:59:32.0354 5976 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

    23:59:32.0356 5976 CmBatt - ok

    23:59:32.0373 5976 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

    23:59:32.0374 5976 cmdide - ok

    23:59:32.0424 5976 [ D5FEA92400F12412B3922087C09DA6A5 ] CNG C:\Windows\system32\Drivers\cng.sys

    23:59:32.0430 5976 CNG - ok

    23:59:32.0461 5976 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

    23:59:32.0461 5976 Compbatt - ok

    23:59:32.0497 5976 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

    23:59:32.0498 5976 CompositeBus - ok

    23:59:32.0509 5976 COMSysApp - ok

    23:59:32.0524 5976 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

    23:59:32.0526 5976 crcdisk - ok

    23:59:32.0579 5976 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\Windows\system32\cryptsvc.dll

    23:59:32.0582 5976 CryptSvc - ok

    23:59:32.0631 5976 [ 5BC67F1EFB6B1D039B151CF7353EC742 ] DAdderFltr C:\Windows\system32\drivers\dadder.sys

    23:59:32.0632 5976 DAdderFltr - ok

    23:59:32.0657 5976 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

    23:59:32.0664 5976 DcomLaunch - ok

    23:59:32.0693 5976 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

    23:59:32.0698 5976 defragsvc - ok

    23:59:32.0732 5976 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

    23:59:32.0735 5976 DfsC - ok

    23:59:32.0750 5976 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

    23:59:32.0755 5976 Dhcp - ok

    23:59:32.0763 5976 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

    23:59:32.0764 5976 discache - ok

    23:59:32.0797 5976 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

    23:59:32.0799 5976 Disk - ok

    23:59:32.0835 5976 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

    23:59:32.0839 5976 Dnscache - ok

    23:59:32.0876 5976 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

    23:59:32.0881 5976 dot3svc - ok

    23:59:32.0895 5976 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

    23:59:32.0898 5976 DPS - ok

    23:59:32.0934 5976 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

    23:59:32.0936 5976 drmkaud - ok

    23:59:32.0982 5976 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

    23:59:32.0986 5976 DXGKrnl - ok

    23:59:33.0033 5976 [ 04DDDEA79B9E616F50B9132752F656FC ] e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys

    23:59:33.0035 5976 e1kexpress - ok

    23:59:33.0067 5976 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

    23:59:33.0070 5976 EapHost - ok

    23:59:33.0134 5976 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

    23:59:33.0210 5976 ebdrv - ok

    23:59:33.0228 5976 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe

    23:59:33.0229 5976 EFS - ok

    23:59:33.0294 5976 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

    23:59:33.0303 5976 ehRecvr - ok

    23:59:33.0332 5976 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

    23:59:33.0334 5976 ehSched - ok

    23:59:33.0361 5976 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

    23:59:33.0368 5976 elxstor - ok

    23:59:33.0390 5976 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

    23:59:33.0392 5976 ErrDev - ok

    23:59:33.0412 5976 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

    23:59:33.0418 5976 EventSystem - ok

    23:59:33.0444 5976 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

    23:59:33.0448 5976 exfat - ok

    23:59:33.0503 5976 [ 2C1D443E14F376E8331F52F135DCA9EF ] FACAP C:\Windows\system32\DRIVERS\facap.sys

    23:59:33.0504 5976 FACAP - ok

    23:59:33.0608 5976 [ 53E30A6E86AA93C0FFC0BC0439E3E636 ] FAService C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe

    23:59:33.0618 5976 FAService - ok

    23:59:33.0627 5976 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

    23:59:33.0630 5976 fastfat - ok

    23:59:33.0666 5976 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

    23:59:33.0683 5976 Fax - ok

    23:59:33.0702 5976 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

    23:59:33.0704 5976 fdc - ok

    23:59:33.0736 5976 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

    23:59:33.0737 5976 fdPHost - ok

    23:59:33.0750 5976 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

    23:59:33.0752 5976 FDResPub - ok

    23:59:33.0781 5976 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

    23:59:33.0782 5976 FileInfo - ok

    23:59:33.0791 5976 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

    23:59:33.0792 5976 Filetrace - ok

    23:59:33.0807 5976 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

    23:59:33.0809 5976 flpydisk - ok

    23:59:33.0829 5976 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

    23:59:33.0833 5976 FltMgr - ok

    23:59:33.0861 5976 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll

    23:59:33.0886 5976 FontCache - ok

    23:59:33.0934 5976 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    23:59:33.0937 5976 FontCache3.0.0.0 - ok

    23:59:33.0950 5976 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

    23:59:33.0952 5976 FsDepends - ok

    23:59:33.0961 5976 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

    23:59:33.0962 5976 Fs_Rec - ok

    23:59:34.0000 5976 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

    23:59:34.0004 5976 fvevol - ok

    23:59:34.0031 5976 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

    23:59:34.0033 5976 gagp30kx - ok

    23:59:34.0092 5976 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    23:59:34.0093 5976 GEARAspiWDM - ok

    23:59:34.0137 5976 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

    23:59:34.0153 5976 gpsvc - ok

    23:59:34.0208 5976 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys

    23:59:34.0208 5976 hamachi - ok

    23:59:34.0569 5976 [ A5963114373834D78782013BC803043E ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

    23:59:34.0661 5976 Hamachi2Svc - ok

    23:59:34.0779 5976 [ 8CD92502FEC49E837155B9F20E5E2D2C ] HappyOSD C:\Program Files (x86)\OSD\OSD_Service.exe

    23:59:34.0779 5976 HappyOSD - ok

    23:59:34.0791 5976 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

    23:59:34.0793 5976 hcw85cir - ok

    23:59:34.0835 5976 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

    23:59:34.0840 5976 HdAudAddService - ok

    23:59:34.0867 5976 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

    23:59:34.0870 5976 HDAudBus - ok

    23:59:34.0891 5976 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

    23:59:34.0893 5976 HidBatt - ok

    23:59:34.0906 5976 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

    23:59:34.0908 5976 HidBth - ok

    23:59:34.0935 5976 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

    23:59:34.0938 5976 HidIr - ok

    23:59:34.0962 5976 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

    23:59:34.0963 5976 hidserv - ok

    23:59:34.0990 5976 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

    23:59:34.0992 5976 HidUsb - ok

    23:59:35.0049 5976 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

    23:59:35.0051 5976 hkmsvc - ok

    23:59:35.0089 5976 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

    23:59:35.0094 5976 HomeGroupListener - ok

    23:59:35.0108 5976 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

    23:59:35.0112 5976 HomeGroupProvider - ok

    23:59:35.0124 5976 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

    23:59:35.0126 5976 HpSAMD - ok

    23:59:35.0153 5976 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

    23:59:35.0170 5976 HTTP - ok

    23:59:35.0181 5976 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

    23:59:35.0181 5976 hwpolicy - ok

    23:59:35.0215 5976 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

    23:59:35.0218 5976 i8042prt - ok

    23:59:35.0244 5976 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

    23:59:35.0250 5976 iaStorV - ok

    23:59:35.0314 5976 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

    23:59:35.0333 5976 idsvc - ok

    23:59:35.0344 5976 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

    23:59:35.0346 5976 iirsp - ok

    23:59:35.0412 5976 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

    23:59:35.0429 5976 IKEEXT - ok

    23:59:35.0448 5976 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

    23:59:35.0449 5976 intelide - ok

    23:59:35.0480 5976 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

    23:59:35.0481 5976 intelppm - ok

    23:59:35.0523 5976 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

    23:59:35.0526 5976 IPBusEnum - ok

    23:59:35.0562 5976 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

    23:59:35.0564 5976 IpFilterDriver - ok

    23:59:35.0631 5976 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

    23:59:35.0639 5976 iphlpsvc - ok

    23:59:35.0664 5976 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

    23:59:35.0666 5976 IPMIDRV - ok

    23:59:35.0683 5976 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

    23:59:35.0685 5976 IPNAT - ok

    23:59:35.0755 5976 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

    23:59:35.0775 5976 iPod Service - ok

    23:59:35.0791 5976 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

    23:59:35.0794 5976 IRENUM - ok

    23:59:35.0807 5976 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

    23:59:35.0809 5976 isapnp - ok

    23:59:35.0827 5976 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

    23:59:35.0831 5976 iScsiPrt - ok

    23:59:35.0864 5976 [ 9291643B494F87BFDAC95A524F69E737 ] itecir C:\Windows\system32\DRIVERS\itecir.sys

    23:59:35.0866 5976 itecir - ok

    23:59:35.0897 5976 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys

    23:59:35.0897 5976 kbdclass - ok

    23:59:35.0909 5976 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

    23:59:35.0911 5976 kbdhid - ok

    23:59:35.0918 5976 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe

    23:59:35.0918 5976 KeyIso - ok

    23:59:35.0930 5976 [ CCD53B5BD33CE0C889E830D839C8B66E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

    23:59:35.0932 5976 KSecDD - ok

    23:59:35.0969 5976 [ 9FF918A261752C12639E8AD4208D2C2F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

    23:59:35.0971 5976 KSecPkg - ok

    23:59:35.0985 5976 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

    23:59:35.0987 5976 ksthunk - ok

    23:59:36.0018 5976 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

    23:59:36.0024 5976 KtmRm - ok

    23:59:36.0077 5976 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

    23:59:36.0081 5976 LanmanServer - ok

    23:59:36.0132 5976 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

    23:59:36.0135 5976 LanmanWorkstation - ok

    23:59:36.0170 5976 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

    23:59:36.0172 5976 lltdio - ok

    23:59:36.0192 5976 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

    23:59:36.0197 5976 lltdsvc - ok

    23:59:36.0211 5976 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

    23:59:36.0213 5976 lmhosts - ok

    23:59:36.0227 5976 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

    23:59:36.0230 5976 LSI_FC - ok

    23:59:36.0234 5976 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

    23:59:36.0236 5976 LSI_SAS - ok

    23:59:36.0244 5976 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

    23:59:36.0247 5976 LSI_SAS2 - ok

    23:59:36.0257 5976 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

    23:59:36.0260 5976 LSI_SCSI - ok

    23:59:36.0276 5976 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

    23:59:36.0278 5976 luafv - ok

    23:59:36.0320 5976 [ D33E2B74CF8B3A652BF0A9FBD068E87A ] ManyCam C:\Windows\system32\DRIVERS\ManyCam_x64.sys

    23:59:36.0322 5976 ManyCam - ok

    23:59:36.0369 5976 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

    23:59:36.0372 5976 Mcx2Svc - ok

    23:59:36.0382 5976 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

    23:59:36.0384 5976 megasas - ok

    23:59:36.0418 5976 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

    23:59:36.0426 5976 MegaSR - ok

    23:59:36.0439 5976 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

    23:59:36.0441 5976 MMCSS - ok

    23:59:36.0455 5976 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

    23:59:36.0457 5976 Modem - ok

    23:59:36.0466 5976 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

    23:59:36.0467 5976 monitor - ok

    23:59:36.0486 5976 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

    23:59:36.0486 5976 mouclass - ok

    23:59:36.0520 5976 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

    23:59:36.0522 5976 mouhid - ok


    23:59:45.0938 5976 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

    23:59:45.0942 5976 WUDFRd - ok

    23:59:45.0958 5976 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

    23:59:45.0961 5976 wudfsvc - ok

    23:59:45.0987 5976 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

    23:59:45.0992 5976 WwanSvc - ok

    23:59:46.0031 5976 ================ Scan global ===============================

    23:59:46.0055 5976 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

    23:59:46.0084 5976 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

    23:59:46.0093 5976 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

    23:59:46.0114 5976 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

    23:59:46.0154 5976 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

    23:59:46.0160 5976 [Global] - ok

    23:59:46.0161 5976 ================ Scan MBR ==================================

    23:59:46.0179 5976 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

    23:59:46.0489 5976 \Device\Harddisk0\DR0 - ok

    23:59:46.0489 5976 ================ Scan VBR ==================================

    23:59:46.0491 5976 [ 30D2389C7B05B11E67EB039F63ACD4B8 ] \Device\Harddisk0\DR0\Partition1

    23:59:46.0493 5976 \Device\Harddisk0\DR0\Partition1 - ok

    23:59:46.0499 5976 [ A0A89077AA5B897F3231741F6E3F1496 ] \Device\Harddisk0\DR0\Partition2

    23:59:46.0501 5976 \Device\Harddisk0\DR0\Partition2 - ok

    23:59:46.0502 5976 ============================================================

    23:59:46.0502 5976 Scan finished

    23:59:46.0502 5976 ============================================================

    23:59:46.0510 6048 Detected object count: 0

    23:59:46.0511 6048 Actual detected object count: 0

    aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

    Run date: 2012-11-22 00:01:59

    -----------------------------

    00:01:59.208 OS Version: Windows x64 6.1.7601 Service Pack 1

    00:01:59.209 Number of processors: 8 586 0x1E05

    00:01:59.209 ComputerName: GHOSTSHELL-PC UserName: Ghostshell

    00:02:00.936 Initialize success

    00:02:38.090 AVAST engine download error: 0

    00:04:09.963 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

    00:04:09.966 Disk 0 Vendor: ST9250410AS D004SDM1 Size: 238475MB BusType: 11

    00:04:10.057 Disk 0 MBR read successfully

    00:04:10.061 Disk 0 MBR scan

    00:04:10.065 Disk 0 Windows 7 default MBR code

    00:04:10.096 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

    00:04:10.110 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848

    00:04:10.141 Disk 0 scanning C:\Windows\system32\drivers

    00:04:19.683 Service scanning

    00:04:36.429 Modules scanning

    00:04:36.440 Disk 0 trace - called modules:

    00:04:36.490 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

    00:04:36.496 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007bc3790]

    00:04:36.505 3 CLASSPNP.SYS[fffff880019cc43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80079790c0]

    00:04:36.512 Scan finished successfully

    00:04:46.212 Disk 0 MBR has been saved successfully to "C:\Users\Ghostshell\Desktop\MBR.dat"

    00:04:46.219 The log file has been saved successfully to "C:\Users\Ghostshell\Desktop\aswMBR.txt"

  5. No problems running ComboFix; opening new windows/tabs seems to work fine now with no redirects or serious slowdowns. Thank you for helping me, please let me know what to do next :)

    ComboFix 12-11-21.01 - Ghostshell 11/21/2012 23:13:49.3.8 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8181.6667 [GMT -8:00]

    Running from: c:\users\Ghostshell\Downloads\ComboFix.exe

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\programdata\Microsoft\Windows\DRM\4158.tmp

    c:\programdata\Microsoft\Windows\DRM\692D.tmp

    c:\programdata\Microsoft\Windows\DRM\C2B3.tmp

    c:\programdata\Microsoft\Windows\DRM\EBFB.tmp

    c:\programdata\Microsoft\Windows\DRM\EBFC.tmp

    c:\windows\assembly\GAC_32\Desktop.ini

    c:\windows\assembly\GAC_64\Desktop.ini

    .

    Infected copy of c:\windows\system32\Services.exe was found and disinfected

    Restored copy from - c:\windows\erdnt\cache64\services.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-10-22 to 2012-11-22 )))))))))))))))))))))))))))))))

    .

    .

    2012-11-22 07:25 . 2012-11-22 07:25 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2BB0E9F-C983-4F15-9FC3-7A6B4009D88B}\offreg.dll

    2012-11-22 07:23 . 2012-11-22 07:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

    2012-11-22 07:23 . 2012-11-22 07:23 -------- d-----w- c:\users\UpdatusUser.Ghostshell-PC\AppData\Local\temp

    2012-11-22 07:23 . 2012-11-22 07:23 -------- d-----w- c:\users\Public\AppData\Local\temp

    2012-11-22 07:23 . 2012-11-22 07:23 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-11-22 06:51 . 2012-11-22 06:51 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

    2012-11-20 05:16 . 2012-11-20 05:16 -------- d-----w- c:\users\Ghostshell\AppData\Roaming\Notepad++

    2012-11-20 05:16 . 2012-11-20 05:16 -------- d-----w- c:\program files (x86)\Notepad++

    2012-11-10 17:11 . 2012-11-10 17:11 -------- d-----w- c:\users\Ghostshell\AppData\Roaming\Moxzbot

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-09-30 02:54 . 2011-09-02 01:05 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-09-03 03:29 . 2012-09-03 03:29 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2012-09-03 03:29 . 2011-12-01 02:26 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2012-08-27 01:44 . 2012-08-01 18:18 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-08-27 01:44 . 2012-08-01 18:18 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}]

    2012-06-17 13:07 488832 ----a-w- c:\program files (x86)\Coupon Companion\Coupon Companion.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 94208 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 94208 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 94208 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "LolMatches Client"="c:\program files (x86)\LolMatches\LolMatches Client.exe" [2012-04-05 1149952]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]

    "YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-02-25 136488]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-20 2254768]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Stardock MyColors.lnk - c:\program files (x86)\Stardock\MyColors\SDDelayedLaunch.exe [2009-12-15 11520]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

    2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Notification Packages REG_MULTI_SZ scecli FAPassSync

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    @=""

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]

    R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 12672]

    R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]

    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-01 1255736]

    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]

    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]

    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2009-03-03 89600]

    S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]

    S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]

    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-20 2462128]

    S2 HappyOSD;HappyOSD;c:\program files (x86)\OSD\OSD_Service.exe [2010-01-04 16384]

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

    S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-02 20984]

    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]

    S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-06-22 273072]

    .

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]

    "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]

    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-09-16 487424]

    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://google.com/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    TCP: DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}: NameServer = 208.62.222.222,208.67.220.220

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\1435F524F6162746F525F6F6D6: NameServer = 208.62.222.222,208.67.220.220

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\16474777966696: NameServer = 208.62.222.222,208.67.220.220

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\2375942554430343: NameServer = 208.62.222.222,208.67.220.220

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\E45445745414258373: NameServer = 208.62.222.222,208.67.220.220

    FF - ProfilePath - c:\users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\

    FF - prefs.js: browser.startup.homepage - about:home

    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=

    FF - ExtSQL: 2012-09-27 00:34; crossriderapp4493@crossrider.com; c:\users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\extensions\crossriderapp4493@crossrider.com

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Wow6432Node-HKLM-Run-FAStartup - (no file)

    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

    AddRemove-vfd-ob - c:\program files (x86)\OApps\vfd-ob_uninstall.exe

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\ñ*4%%d"*²*Æ!#H*K*X%]

    "Successes"=dword:e0000000

    "Failures"=dword:e0000001

    "{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}"=hex:00,18,f8,7c,33,3b

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    .

    **************************************************************************

    .

    Completion time: 2012-11-21 23:31:21 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-11-22 07:31

    .

    Pre-Run: 68,290,519,040 bytes free

    Post-Run: 68,159,197,184 bytes free

    .

    - - End Of File - - 6555B98AAC30E2B3080EEB72C5805E20

  6. Thank you very much for the assistance!

    Results of screen317's Security Check version 0.99.54

    Windows 7 Service Pack 1 x64 (UAC is enabled)

    Internet Explorer 8 Out of date!

    ``````````````AntivirusFirewall Check``````````````

    Windows Security Center service is not running! This report may not be accurate!

    WMI entry may not exist for antivirus; attempting automatic update.

    `````````Anti-malwareOther Utilities Check`````````

    Malwarebytes Anti-Malware version 1.65.1.1000

    JavaFX 2.1.1

    Java 6 Update 31

    Java 7 Update 7

    Java version out of Date!

    Adobe Flash Player 11.3.300.257 Flash Player out of Date!

    Adobe Reader X 10.1.3 Adobe Reader out of Date!

    Mozilla Firefox 14.0.1 Firefox out of Date!

    Google Chrome 21.0.1180.83

    Google Chrome 21.0.1180.89

    Google Chrome 22.0.1229.79

    Google Chrome 22.0.1229.92

    Google Chrome 22.0.1229.94

    Google Chrome 23.0.1271.64

    Google Chrome plugins...

    ````````Process Check objlist.exe by Laurent````````

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C 3%

    ````````````````````End of Log``````````````````````

    ==============================================

    # AdwCleaner v2.008 - Logfile created 11/21/2012 at 22:49:22

    # Updated 17/11/2012 by Xplode

    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

    # User : Ghostshell - GHOSTSHELL-PC

    # Boot Mode : Normal

    # Running from : C:\Users\Ghostshell\Desktop\adwcleaner.exe

    # Option [Delete]

    ***** [services] *****

    ***** [Files / Folders] *****

    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

    File Deleted : C:\user.js

    File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp

    Folder Deleted : C:\Program Files (x86)\OApps

    Folder Deleted : C:\Program Files (x86)\Smartdl

    Folder Deleted : C:\Users\Ghostshell\AppData\Local\APN

    Folder Deleted : C:\Users\Ghostshell\AppData\Local\Conduit

    Folder Deleted : C:\Users\Ghostshell\AppData\LocalLow\Conduit

    Folder Deleted : C:\Users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\ConduitCommon

    Folder Deleted : C:\Users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\CT2790392

    Folder Deleted : C:\Users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

    Key Deleted : HKCU\Software\Conduit

    Key Deleted : HKCU\Software\Cr_Installer

    Key Deleted : HKCU\Software\IGearSettings

    Key Deleted : HKCU\Software\IM

    Key Deleted : HKCU\Software\ImInstaller

    Key Deleted : HKCU\Software\InstalledBrowserExtensions

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

    Key Deleted : HKCU\Software\Softonic

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO

    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1

    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.FBApi

    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.FBApi.1

    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox

    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1

    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

    Key Deleted : HKLM\Software\Conduit

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

    ***** [internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    [OK] Registry is clean.

    -\\ Mozilla Firefox v14.0.1 (en-US)

    Profile name : default

    File : C:\Users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\prefs.js

    C:\Users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\user.js ... Deleted !

    Deleted : user_pref("CT2790392..clientLogIsEnabled", true);

    Deleted : user_pref("CT2790392..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

    Deleted : user_pref("CT2790392..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

    Deleted : user_pref("CT2790392.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

    Deleted : user_pref("CT2790392.CTID", "CT2790392");

    Deleted : user_pref("CT2790392.CurrentServerDate", "17-8-2011");

    Deleted : user_pref("CT2790392.DialogsAlignMode", "LTR");

    Deleted : user_pref("CT2790392.DialogsGetterLastCheckTime", "Tue Aug 16 2011 17:09:54 GMT-0700 (Pacific Daylig[...]

    Deleted : user_pref("CT2790392.DownloadReferralCookieData", "");

    Deleted : user_pref("CT2790392.EMailNotifierPollDate", "Tue Aug 16 2011 20:14:05 GMT-0700 (Pacific Daylight Ti[...]

    Deleted : user_pref("CT2790392.FeedLastCount129313977501788460", 189);

    Deleted : user_pref("CT2790392.FeedPollDate129313974171006416", "Tue Aug 16 2011 19:14:07 GMT-0700 (Pacific Da[...]

    Deleted : user_pref("CT2790392.FeedPollDate129313975698350231", "Tue Aug 16 2011 19:14:07 GMT-0700 (Pacific Da[...]

    Deleted : user_pref("CT2790392.FeedPollDate129313976370850190", "Tue Aug 16 2011 19:14:07 GMT-0700 (Pacific Da[...]

    Deleted : user_pref("CT2790392.FeedPollDate129313976648818968", "Tue Aug 16 2011 19:14:07 GMT-0700 (Pacific Da[...]

    Deleted : user_pref("CT2790392.FeedPollDate129313977444757117", "Tue Aug 16 2011 19:14:07 GMT-0700 (Pacific Da[...]

    Deleted : user_pref("CT2790392.FeedPollDate129313980389131455", "Tue Aug 16 2011 19:14:07 GMT-0700 (Pacific Da[...]

    Deleted : user_pref("CT2790392.FeedPollDate129313980655381977", "Tue Aug 16 2011 19:14:07 GMT-0700 (Pacific Da[...]

    Deleted : user_pref("CT2790392.FeedPollDate129313980886163259", "Tue Aug 16 2011 19:14:07 GMT-0700 (Pacific Da[...]

    Deleted : user_pref("CT2790392.FeedPollDate129313981234756535", "Tue Aug 16 2011 19:14:07 GMT-0700 (Pacific Da[...]

    Deleted : user_pref("CT2790392.FeedPollDate129313983226631720", "Tue Aug 16 2011 19:14:07 GMT-0700 (Pacific Da[...]

    Deleted : user_pref("CT2790392.FeedPollDate129313983607725691", "Tue Aug 16 2011 19:14:07 GMT-0700 (Pacific Da[...]

    Deleted : user_pref("CT2790392.FeedTTL129313974171006416", 10);

    Deleted : user_pref("CT2790392.FeedTTL129313977444757117", 15);

    Deleted : user_pref("CT2790392.FeedTTL129313980655381977", 5);

    Deleted : user_pref("CT2790392.FeedTTL129313981234756535", 5);

    Deleted : user_pref("CT2790392.FirstServerDate", "17-8-2011");

    Deleted : user_pref("CT2790392.FirstTime", true);

    Deleted : user_pref("CT2790392.FirstTimeFF3", true);

    Deleted : user_pref("CT2790392.FixPageNotFoundErrors", false);

    Deleted : user_pref("CT2790392.GroupingServerCheckInterval", 1440);

    Deleted : user_pref("CT2790392.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

    Deleted : user_pref("CT2790392.HasUserGlobalKeys", true);

    Deleted : user_pref("CT2790392.HomePageProtectorEnabled", false);

    Deleted : user_pref("CT2790392.Initialize", true);

    Deleted : user_pref("CT2790392.InitializeCommonPrefs", true);

    Deleted : user_pref("CT2790392.InstallationAndCookieDataSentCount", 1);

    Deleted : user_pref("CT2790392.InstallationType", "UnknownIntegration");

    Deleted : user_pref("CT2790392.InstalledDate", "Tue Aug 16 2011 17:09:53 GMT-0700 (Pacific Daylight Time)");

    Deleted : user_pref("CT2790392.IsAlertDBUpdated", true);

    Deleted : user_pref("CT2790392.IsGrouping", false);

    Deleted : user_pref("CT2790392.IsInitSetupIni", true);

    Deleted : user_pref("CT2790392.IsMulticommunity", false);

    Deleted : user_pref("CT2790392.IsOpenThankYouPage", true);

    Deleted : user_pref("CT2790392.IsOpenUninstallPage", false);

    Deleted : user_pref("CT2790392.LanguagePackLastCheckTime", "Tue Aug 16 2011 17:09:54 GMT-0700 (Pacific Dayligh[...]

    Deleted : user_pref("CT2790392.LanguagePackReloadIntervalMM", 1440);

    Deleted : user_pref("CT2790392.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

    Deleted : user_pref("CT2790392.LastLogin_3.5.0.12", "Tue Aug 16 2011 17:09:53 GMT-0700 (Pacific Daylight Time)[...]

    Deleted : user_pref("CT2790392.LatestVersion", "3.6.0.10");

    Deleted : user_pref("CT2790392.Locale", "en");

    Deleted : user_pref("CT2790392.MCDetectTooltipHeight", "83");

    Deleted : user_pref("CT2790392.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

    Deleted : user_pref("CT2790392.MCDetectTooltipWidth", "295");

    Deleted : user_pref("CT2790392.MyStuffEnabledAtInstallation", true);

    Deleted : user_pref("CT2790392.OriginalFirstVersion", "3.5.0.12");

    Deleted : user_pref("CT2790392.SearchEngineBeforeUnload", "Google");

    Deleted : user_pref("CT2790392.SearchFromAddressBarIsInit", true);

    Deleted : user_pref("CT2790392.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT279[...]

    Deleted : user_pref("CT2790392.SearchInNewTabEnabled", true);

    Deleted : user_pref("CT2790392.SearchInNewTabIntervalMM", 1440);

    Deleted : user_pref("CT2790392.SearchInNewTabLastCheckTime", "Tue Aug 16 2011 17:09:54 GMT-0700 (Pacific Dayli[...]

    Deleted : user_pref("CT2790392.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

    Deleted : user_pref("CT2790392.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]

    Deleted : user_pref("CT2790392.SearchInNewTabUserEnabled", false);

    Deleted : user_pref("CT2790392.SearchProtectorEnabled", false);

    Deleted : user_pref("CT2790392.SearchProtectorToolbarDisabled", false);

    Deleted : user_pref("CT2790392.ServiceMapLastCheckTime", "Tue Aug 16 2011 17:09:51 GMT-0700 (Pacific Daylight [...]

    Deleted : user_pref("CT2790392.SettingsLastCheckTime", "Tue Aug 16 2011 17:09:51 GMT-0700 (Pacific Daylight Ti[...]

    Deleted : user_pref("CT2790392.SettingsLastUpdate", "1312887586");

    Deleted : user_pref("CT2790392.ThirdPartyComponentsInterval", 504);

    Deleted : user_pref("CT2790392.ThirdPartyComponentsLastCheck", "Tue Aug 16 2011 17:09:51 GMT-0700 (Pacific Day[...]

    Deleted : user_pref("CT2790392.ThirdPartyComponentsLastUpdate", "1246786978");

    Deleted : user_pref("CT2790392.ToolbarShrinkedFromSetup", false);

    Deleted : user_pref("CT2790392.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2790392");

    Deleted : user_pref("CT2790392.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

    Deleted : user_pref("CT2790392.UserID", "UN40666071406563929");

    Deleted : user_pref("CT2790392.WeatherNetwork", "");

    Deleted : user_pref("CT2790392.WeatherPollDate", "Tue Aug 16 2011 20:10:07 GMT-0700 (Pacific Daylight Time)");

    Deleted : user_pref("CT2790392.WeatherUnit", "C");

    Deleted : user_pref("CT2790392.alertChannelId", "1182482");

    Deleted : user_pref("CT2790392.backendstorage.pairingkey", "32383244313839453434363337443141364634324232303138[...]

    Deleted : user_pref("CT2790392.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]

    Deleted : user_pref("CT2790392.backendstorage.url_history", "687474703A2F2F646576696C73776F726B73686F702E6F726[...]

    Deleted : user_pref("CT2790392.backendstorage.url_history_time", "31333133353530383337383330");

    Deleted : user_pref("CT2790392.backendstorage.uttorrents", "7B226275696C64223A32353433322C226C6162656C223A5B5D[...]

    Deleted : user_pref("CT2790392.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

    Deleted : user_pref("CT2790392.globalFirstTimeInfoLastCheckTime", "Tue Aug 16 2011 17:09:54 GMT-0700 (Pacific [...]

    Deleted : user_pref("CT2790392.homepageProtectorEnableByLogin", true);

    Deleted : user_pref("CT2790392.initDone", true);

    Deleted : user_pref("CT2790392.isAppTrackingManagerOn", true);

    Deleted : user_pref("CT2790392.myStuffEnabled", true);

    Deleted : user_pref("CT2790392.myStuffPublihserMinWidth", 400);

    Deleted : user_pref("CT2790392.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

    Deleted : user_pref("CT2790392.myStuffServiceIntervalMM", 1440);

    Deleted : user_pref("CT2790392.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

    Deleted : user_pref("CT2790392.searchProtectorDialogDelayInSec", 10);

    Deleted : user_pref("CT2790392.searchProtectorEnableByLogin", true);

    Deleted : user_pref("CT2790392.testingCtid", "");

    Deleted : user_pref("CT2790392.toolbarAppMetaDataLastCheckTime", "Tue Aug 16 2011 17:09:53 GMT-0700 (Pacific D[...]

    Deleted : user_pref("CT2790392.toolbarContextMenuLastCheckTime", "Tue Aug 16 2011 17:09:54 GMT-0700 (Pacific D[...]

    Deleted : user_pref("CT2790392.usagesFlag", 2);

    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1182482/1178159/US", "\"0\"[...]

    Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2790392", [...]

    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]

    Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2790392",[...]

    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2790392&octid=[...]

    Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]

    Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Ghostshell\\AppData\\Roaming\\Mozil[...]

    Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.5.0.12");

    Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2790392");

    Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2790392");

    Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2790392");

    Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Aug 16 2011 17:09:55 GMT-0700 (Pac[...]

    Deleted : user_pref("CommunityToolbar.globalUserId", "22466031-31f4-4769-8d59-4ae74b96c4f7");

    Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

    Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

    Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Aug 16 2011 17:09:5[...]

    Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

    Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Aug 16 2011 18:10:04 GMT-070[...]

    Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

    Deleted : user_pref("CommunityToolbar.notifications.locale", "en");

    Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

    Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Aug 16 2011 17:09:53 GMT-0700 (P[...]

    Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

    Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

    Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

    Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

    Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

    Deleted : user_pref("CommunityToolbar.notifications.userId", "85950f62-69ef-476f-bccf-027ec23cada1");

    Deleted : user_pref("browser.search.defaultengine", "Ask.com");

    Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

    Deleted : user_pref("browser.search.order.1", "Ask.com");

    Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationThankYouPage", true);

    Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationTime", 1348731290);

    Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.searchUserConifrmation", false[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setHomepage", false);

    Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setNewTab", false);

    Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setSearch", false);

    Deleted : user_pref("extensions.crossriderapp4493.4493.active", true);

    Deleted : user_pref("extensions.crossriderapp4493.4493.addressbar", "");

    Deleted : user_pref("extensions.crossriderapp4493.4493.affid", "0");

    Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundver", 7);

    Deleted : user_pref("extensions.crossriderapp4493.4493.can_run_bg_code", true);

    Deleted : user_pref("extensions.crossriderapp4493.4493.certdomaininstaller", "");

    Deleted : user_pref("extensions.crossriderapp4493.4493.changeprevious", false);

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1348731290");

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.value", "1348731290");

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.expiration", "Wed Nov 21 2012 16:[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.expiration", "Tue Nov 27 2012 [...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.value", "%22US%22");

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.value", "1353543287");

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.value", "%221%22");

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.value", "%2240944%22");

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.value", "1349316387005");

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.value", "%221238%22");

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.value", "%2286999%22");

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.value", "1349316380725");

    Deleted : user_pref("extensions.crossriderapp4493.4493.description", "Coupon Companion");

    Deleted : user_pref("extensions.crossriderapp4493.4493.domain", "");

    Deleted : user_pref("extensions.crossriderapp4493.4493.emailsig", "");

    Deleted : user_pref("extensions.crossriderapp4493.4493.enablesearch", false);

    Deleted : user_pref("extensions.crossriderapp4493.4493.exposesites", "");

    Deleted : user_pref("extensions.crossriderapp4493.4493.fbremoteurl", "");

    Deleted : user_pref("extensions.crossriderapp4493.4493.group", 0);

    Deleted : user_pref("extensions.crossriderapp4493.4493.homepage", "");

    Deleted : user_pref("extensions.crossriderapp4493.4493.iframe", false);

    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.value", "41");

    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.value", "0");

    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.value", "%7B%7D");

    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.expiration", "Wed Nov 21[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.value", "true");

    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.value", "%7B%7D");

    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.expiration", "Fri[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.value", "%7B%22re[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.manifesturl", "");

    Deleted : user_pref("extensions.crossriderapp4493.4493.name", "Coupon Companion");

    Deleted : user_pref("extensions.crossriderapp4493.4493.newtab", "");

    Deleted : user_pref("extensions.crossriderapp4493.4493.opensearch", "");

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.name", "base");

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.ver", 3);

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.name", "GPL Plugin (Loader)");

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.ver", 7);

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.name", "GPL Background (BG)");

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.ver", 4);

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.name", "CrossriderAppUtils");

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.ver", 2);

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.name", "CrossriderUtils");

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.ver", 2);

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.name", "FacebookFFIE");

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.ver", 1);

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.name", "FFAppAPIWrapper");

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.ver", 4);

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.name", "jQuery");

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.ver", 3);

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.name", "debug");

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.ver", 3);

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.name", "resources");

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.ver", 2);

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.name", "initializer");

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.ver", 2);

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.name", "jquery_1_7_1");

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.ver", 3);

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.name", "resources_background");

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.ver", 1);

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_0", "17,14,16,47,1000015");

    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,100[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]

    Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsversion", 17);

    Deleted : user_pref("extensions.crossriderapp4493.4493.premium", true);

    Deleted : user_pref("extensions.crossriderapp4493.4493.publisher", "215 Apps");

    Deleted : user_pref("extensions.crossriderapp4493.4493.searchstatus", 0);

    Deleted : user_pref("extensions.crossriderapp4493.4493.setnewtab", false);

    Deleted : user_pref("extensions.crossriderapp4493.4493.settingsurl", "");

    Deleted : user_pref("extensions.crossriderapp4493.4493.thankyou", "");

    Deleted : user_pref("extensions.crossriderapp4493.4493.updateinterval", 360);

    Deleted : user_pref("extensions.crossriderapp4493.4493.ver", 41);

    Deleted : user_pref("extensions.crossriderapp4493.apps", "4493");

    Deleted : user_pref("extensions.crossriderapp4493.bic", "13a2985fedfa700a1597963c1b7cab38");

    Deleted : user_pref("extensions.crossriderapp4493.cid", 4493);

    Deleted : user_pref("extensions.crossriderapp4493.firstrun", false);

    Deleted : user_pref("extensions.crossriderapp4493.hadappinstalled", true);

    Deleted : user_pref("extensions.crossriderapp4493.installationdate", 1349316378);

    Deleted : user_pref("extensions.crossriderapp4493.lastcheck", 22559054);

    Deleted : user_pref("extensions.crossriderapp4493.lastcheckitem", 22559056);

    Deleted : user_pref("extensions.crossriderapp4493.misc.lastBgWorkerTimer", "1353543326697");

    Deleted : user_pref("extensions.crossriderapp4493.misc.lastDomWorkerTimer", "1353543326697");

    Deleted : user_pref("extensions.crossriderapp4493.modetype", "production");

    Deleted : user_pref("extensions.enabledAddons", "crossriderapp4493@crossrider.com:0.81.12,{972ce4c6-7e08-4474-[...]

    Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");

    Deleted : user_pref("extensions.incredibar_i.dfltLng", "");

    Deleted : user_pref("extensions.incredibar_i.did", "10589");

    Deleted : user_pref("extensions.incredibar_i.excTlbr", "false");

    Deleted : user_pref("extensions.incredibar_i.hardId", "32b459e3000000000000c446192559ba");

    Deleted : user_pref("extensions.incredibar_i.id", "32b459e3000000000000c446192559ba");

    Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");

    Deleted : user_pref("extensions.incredibar_i.instlDay", "15341");

    Deleted : user_pref("extensions.incredibar_i.instlRef", "");

    Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");

    Deleted : user_pref("extensions.incredibar_i.newTab", false);

    Deleted : user_pref("extensions.incredibar_i.ppd", "");

    Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");

    Deleted : user_pref("extensions.incredibar_i.productid", "26");

    Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");

    Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");

    Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");

    Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8fAMlSQM&loc=IB[...]

    Deleted : user_pref("extensions.incredibar_i.upn2", "6R8fAMlSQM");

    Deleted : user_pref("extensions.incredibar_i.upn2n", "92823603489226040");

    Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.3.27");

    Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.3.2721:50:50");

    Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.3.27");

    -\\ Google Chrome v23.0.1271.64

    File : C:\Users\Ghostshell\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.16] : homepage = "hxxp://isearch.avg.com/?cid={66452CD3-7FAD-429C-82D2-C6A90D55E54A}&mid=500452e994[...]

    Deleted [l.20] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={66452CD3-7FAD-429C-82D2-C6A90[...]

    Deleted [l.1653] : homepage = "hxxp://isearch.avg.com/?cid={66452CD3-7FAD-429C-82D2-C6A90D55E54A}&mid=500452e994ba4[...]

    Deleted [l.2084] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={66452CD3-7FAD-429C-82D2-C6A90D55[...]

    *************************

    AdwCleaner[s1].txt - [31392 octets] - [21/11/2012 22:49:22]

    ########## EOF - C:\AdwCleaner[s1].txt - [31453 octets] ##########

    =================================================

    RogueKiller V8.3.1 [Nov 20 2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website: http://tigzy.geekstogo.com/roguekiller.php

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : Ghostshell [Admin rights]

    Mode : Remove -- Date : 11/21/2012 22:53:37

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 16 ¤¤¤

    [RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\Ghostshell\AppData\Local\Google\Update\GoogleUpdate.exe" /c) -> DELETED

    [TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000UA.job : C:\Users\Ghostshell\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> DELETED

    [TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000Core.job : C:\Users\Ghostshell\AppData\Local\Google\Update\GoogleUpdate.exe /c -> DELETED

    [TASK][sUSP PATH] FacebookUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000UA.job : C:\Users\Ghostshell\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler -> DELETED

    [TASK][sUSP PATH] FacebookUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000Core.job : C:\Users\Ghostshell\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver -> DELETED

    [TASK][sUSP PATH] FacebookUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000Core : C:\Users\Ghostshell\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver -> DELETED

    [TASK][sUSP PATH] FacebookUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000UA : C:\Users\Ghostshell\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler -> ERROR

    [TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000Core : C:\Users\Ghostshell\AppData\Local\Google\Update\GoogleUpdate.exe /c -> ERROR

    [TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000UA : C:\Users\Ghostshell\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> ERROR

    [TASK][sUSP PATH] {A187D0D7-1E2E-4BCD-AC26-21F050719B33} : "c:\users\ghostshell\appdata\local\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/5.3.0.120/en/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2 -> DELETED

    [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A} : NameServer (208.62.222.222,208.67.220.220) -> NOT REMOVED, USE DNSFIX

    [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A} : NameServer (208.62.222.222,208.67.220.220) -> NOT REMOVED, USE DNSFIX

    [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED

    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    [ZeroAccess][FILE] @ : C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\@ --> REMOVED AT REBOOT

    [ZeroAccess][FILE] @ : C:\Windows\syswow64\config\systemprofile\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\@ --> REMOVED

    [Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\00000004.@ --> REMOVED

    [Del.Parent][FILE] 80000000.@ : C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\80000000.@ --> REMOVED

    [Del.Parent][FILE] 80000064.@ : C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\80000064.@ --> REMOVED

    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U --> REMOVED

    [ZeroAccess][FOLDER] ROOT : C:\Windows\syswow64\config\systemprofile\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\U --> REMOVED

    [Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\L\00000004.@ --> REMOVED

    [Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\L\201d3dde --> REMOVED

    [Del.Parent][FILE] 55490ac4 : C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\L\55490ac4 --> REMOVED

    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\L --> REMOVED

    [ZeroAccess][FOLDER] ROOT : C:\Windows\syswow64\config\systemprofile\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\L --> REMOVED

    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT

    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT

    [susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9250410AS ATA Device +++++

    --- User ---

    [MBR] 478efe6c5c618819af8753cb9435931d

    [bSP] 7c235b53190a6021ae3d31243aeafecb : Windows 7/8 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[2]_D_11212012_02d2253.txt >>

    RKreport[1]_S_11212012_02d2253.txt ; RKreport[2]_D_11212012_02d2253.txt

  7. Redirect virus really slowing down my computer :( Got it possibly from what seemed like a Java update but can't be sure, please help! Malwarebytes will detect it but not remove it; posted the log after the DDS/Attach logs.

    ========================================

    DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.7.2

    Run by Ghostshell at 21:30:48 on 2012-11-21

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8181.3435 [GMT -8:00]

    .

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe

    C:\Program Files (x86)\Stardock\MyColors\WBVista.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

    C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

    C:\Windows\System32\spoolsv.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

    C:\Program Files (x86)\OSD\OSD_Service.exe

    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

    C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe

    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\system32\UI0Detect.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe

    C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

    C:\Program Files\IDT\WDM\sttray64.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe

    C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Windows\system32\svchost.exe -k SDRSVC

    C:\Windows\system32\WLANExt.exe

    C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\World of Warcraft\Wow-64.exe

    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

    C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

    C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.101\deploy\LoLLauncher.exe

    C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.223\deploy\LolClient.exe

    C:\Windows\System32\svchost.exe -k swprv

    C:\Windows\system32\wbengine.exe

    C:\Windows\System32\vds.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

    C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://google.com/

    uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>

    BHO: Coupon Companion: {11111111-1111-1111-1111-110011441193} - C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll

    BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

    uRun: [LolMatches Client] C:\Program Files (x86)\LolMatches\LolMatches Client.exe

    uRun: [Google Update] "C:\Users\Ghostshell\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

    mRun: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun: [FAStartup] <no file>

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe

    uPolicies-Explorer: NoDrives = dword:0

    mPolicies-Explorer: NoDrives = dword:0

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableUIADesktopToggle = dword:0

    mPolicies-System: PromptOnSecureDesktop = dword:0

    LSP: mswsock.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    TCP: NameServer = 192.168.1.1

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A} : NameServer = 208.62.222.222,208.67.220.220

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A} : DHCPNameServer = 192.168.1.1

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\0527564747970264C6970266F62702160275966696 : NameServer = 208.62.222.222,208.67.220.220

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\0527564747970264C6970266F62702160275966696 : DHCPNameServer = 192.168.1.1

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\1435F524F6162746F525F6F6D6 : NameServer = 208.62.222.222,208.67.220.220

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\1435F524F6162746F525F6F6D6 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\16474777966696 : NameServer = 208.62.222.222,208.67.220.220

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\16474777966696 : DHCPNameServer = 192.168.5.1 64.134.255.2 64.134.255.10

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\2375942554430343 : NameServer = 208.62.222.222,208.67.220.220

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\2375942554430343 : DHCPNameServer = 192.168.1.254

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\46C696E6B602231333 : DHCPNameServer = 128.54.16.2 132.239.0.252

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\E45445745414258373 : NameServer = 208.62.222.222,208.67.220.220

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\E45445745414258373 : DHCPNameServer = 192.168.1.1

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

    Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll

    LSA: Notification Packages = scecli FAPassSync

    x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>

    x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

    x64-Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"

    x64-Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe

    x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

    x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

    x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

    x64-Notify: WB - C:\Program Files (x86)\Stardock\MyColors\fast64.dll

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\

    FF - prefs.js: browser.startup.homepage - about:home

    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

    FF - plugin: C:\Users\Ghostshell\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

    FF - plugin: C:\Users\Ghostshell\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

    FF - ExtSQL: 2012-09-27 00:34; crossriderapp4493@crossrider.com; C:\Users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\extensions\crossriderapp4493@crossrider.com

    .

    ---- FIREFOX POLICIES ----

    FF - user.js: extensions.incredibar_i.newTab - false

    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8fAMlSQM&loc=IB_TB&i=26&search=

    FF - user.js: extensions.incredibar_i.id - 32b459e3000000000000c446192559ba

    FF - user.js: extensions.incredibar_i.hardId - 32b459e3000000000000c446192559ba

    FF - user.js: extensions.incredibar_i.instlDay - 15341

    FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27

    FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27

    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2721:50:50

    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

    FF - user.js: extensions.incredibar_i.prdct - incredibar

    FF - user.js: extensions.incredibar_i.aflt - orgnl

    FF - user.js: extensions.incredibar_i.smplGrp - none

    FF - user.js: extensions.incredibar_i.tlbrId - base

    FF - user.js: extensions.incredibar_i.instlRef -

    FF - user.js: extensions.incredibar_i.dfltLng -

    FF - user.js: extensions.incredibar_i.excTlbr - false

    FF - user.js: extensions.incredibar_i.ms_url_id -

    FF - user.js: extensions.incredibar_i.upn2 - 6R8fAMlSQM

    FF - user.js: extensions.incredibar_i.upn2n - 92823603489226040

    FF - user.js: extensions.incredibar_i.productid - 26

    FF - user.js: extensions.incredibar_i.installerproductid - 26

    FF - user.js: extensions.incredibar_i.did - 10589

    FF - user.js: extensions.incredibar_i.ppd -

    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

    .

    ============= SERVICES / DRIVERS ===============

    .

    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2011-6-29 89600]

    R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800]

    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-15 2461104]

    R2 HappyOSD;HappyOSD;C:\Program Files (x86)\OSD\OSD_Service.exe [2010-1-4 16384]

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]

    R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2011-6-29 20984]

    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]

    R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2012-1-15 273072]

    S2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

    S3 DAdderFltr;DeathAdder Mouse;C:\Windows\System32\drivers\dadder.sys [2007-8-2 12672]

    S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]

    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-12 27136]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]

    S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

    S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-1 1255736]

    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]

    S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]

    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]

    .

    =============== Created Last 30 ================

    .

    2012-11-19 01:35:39 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

    2012-11-10 17:11:21 -------- d-----w- C:\Users\Ghostshell\AppData\Roaming\Moxzbot

    .

    ==================== Find3M ====================

    .

    2012-09-30 02:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-09-03 03:29:45 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

    2012-09-03 03:29:45 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2012-08-27 01:44:58 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-08-27 01:44:58 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    .

    ============= FINISH: 21:34:00.71 ===============

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume1

    Install Date: 6/29/2011 11:48:02 AM

    System Uptime: 11/21/2012 5:56:37 PM (4 hours ago)

    .

    Motherboard: Alienware | |

    Processor: Intel® Core™ i7 CPU Q 720 @ 1.60GHz | CPU 1 | 1597/133mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 233 GiB total, 61.538 GiB free.

    D: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID:

    Description:

    Device ID: ACPI\SMO8800\1

    Manufacturer:

    Name:

    PNP Device ID: ACPI\SMO8800\1

    Service:

    .

    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

    Description: facap, FastAccess Video Capture

    Device ID: ROOT\IMAGE\0000

    Manufacturer: Sensible Vision

    Name: facap, FastAccess Video Capture

    PNP Device ID: ROOT\IMAGE\0000

    Service: FACAP

    .

    ==== System Restore Points ===================

    .

    RP144: 11/12/2012 10:44:24 AM - Scheduled Checkpoint

    RP145: 11/19/2012 4:46:32 PM - Scheduled Checkpoint

    .

    ==== Installed Programs ======================

    .

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Reader X (10.1.3)

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    Application Verifier (x64)

    AutoHotkey 1.0.48.05

    BitTorrent

    Bonjour

    CCleaner

    Cisco EAP-FAST Module

    Cisco LEAP Module

    Cisco PEAP Module

    Command Center

    Coupon Companion

    Crystal Reports for Visual Studio

    CyberLink YouCam

    Debugging Tools for Windows (x64)

    Diablo III

    Do It Again

    Dota 2

    Dotfuscator Software Services - Community Edition

    Drivers For Free

    Dropbox

    DW WLAN Card Utility

    EVGA Precision 2.1.2

    Facebook Video Calling 1.2.0.287

    Google Chrome

    Heroes of Newerth

    IDT Audio

    Intel® Network Connections 14.2.100.0

    Intel® Turbo Boost Technology Monitor 2.0

    iTunes

    Java 7 Update 7

    Java Auto Updater

    Java™ 6 Update 31

    JavaFX 2.1.1

    JungleTimer

    League of Legends

    LogMeIn Hamachi

    LolMatches Client

    LOLReplay

    Malwarebytes Anti-Malware version 1.65.1.1000

    Microsoft .NET Framework 4 Client Profile

    Microsoft .NET Framework 4 Extended

    Microsoft .NET Framework 4 Multi-Targeting Pack

    Microsoft Application Error Reporting

    Microsoft ASP.NET MVC 2

    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

    Microsoft Help Viewer 1.0

    Microsoft Silverlight

    Microsoft Silverlight 3 SDK

    Microsoft SQL Server 2008 (64-bit)

    Microsoft SQL Server 2008 Browser

    Microsoft SQL Server 2008 Common Files

    Microsoft SQL Server 2008 Database Engine Services

    Microsoft SQL Server 2008 Database Engine Shared

    Microsoft SQL Server 2008 Native Client

    Microsoft SQL Server 2008 R2 Data-Tier Application Framework

    Microsoft SQL Server 2008 R2 Data-Tier Application Project

    Microsoft SQL Server 2008 R2 Management Objects

    Microsoft SQL Server 2008 R2 Management Objects (x64)

    Microsoft SQL Server 2008 R2 Transact-SQL Language Service

    Microsoft SQL Server 2008 RsFx Driver

    Microsoft SQL Server 2008 Setup Support Files

    Microsoft SQL Server Compact 3.5 SP2 ENU

    Microsoft SQL Server Compact 3.5 SP2 x64 ENU

    Microsoft SQL Server Database Publishing Wizard 1.4

    Microsoft SQL Server System CLR Types

    Microsoft SQL Server System CLR Types (x64)

    Microsoft SQL Server VSS Writer

    Microsoft Sync Framework Runtime v1.0 SP1 (x64)

    Microsoft Sync Framework SDK v1.0 SP1

    Microsoft Sync Framework Services v1.0 SP1 (x64)

    Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)

    Microsoft Team Foundation Server 2010 Object Model - ENU

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2005 Redistributable (x64)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

    Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

    Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319

    Microsoft Visual F# 2.0 Runtime

    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

    Microsoft Visual Studio 2010 IntelliTrace Collection (x64)

    Microsoft Visual Studio 2010 Office Developer Tools (x64)

    Microsoft Visual Studio 2010 Performance Collection Tools - ENU

    Microsoft Visual Studio 2010 Professional - ENU

    Microsoft Visual Studio 2010 SharePoint Developer Tools

    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

    Microsoft Visual Studio 2010 Ultimate - ENU

    Microsoft Visual Studio Macro Tools

    Microsoft Windows Debugging Symbols

    Microsoft Windows Performance Toolkit

    Microsoft Windows SDK for Windows 7 (7.1)

    Microsoft Windows SDK for Windows 7 Common Utilities (30514)

    Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)

    Microsoft Windows SDK for Windows 7 Samples (30514)

    Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)

    Microsoft XNA Framework Redistributable 4.0

    Mozilla Firefox 14.0.1 (x86 en-US)

    Mozilla Maintenance Service

    MSVCRT Redists

    Mumble 1.2.3

    MurGee Auto Mouse Click 1.0

    Notepad++

    NVIDIA 3D Vision Driver 301.42

    NVIDIA Control Panel 301.42

    NVIDIA Display Control Panel

    NVIDIA Graphics Driver 301.42

    NVIDIA HD Audio Driver 1.3.16.0

    NVIDIA Install Application

    NVIDIA nTune

    NVIDIA PhysX

    NVIDIA PhysX System Software 9.12.0213

    NVIDIA Stereoscopic 3D Driver

    NVIDIA Update 1.8.15

    NVIDIA Update Components

    OSD Setup

    Pando Media Booster

    Prism Video File Converter

    QuickTime

    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)

    Skype™ 5.10

    Sql Server Customer Experience Improvement Program

    StarCraft II

    Stardock MyColors

    Steam

    Synaptics Pointing Device Driver

    System Requirements Lab for Intel

    Team Fortress 2

    TeamSpeak 3 Client

    Terraria

    Unigine Heaven DX11 Benchmark 2.5 version 2.5

    Vegas Pro 10.0

    Ventrilo Client for Windows x64

    VideoFileDownload

    Visual Studio 2008 x64 Redistributables

    Visual Studio 2010 Prerequisites - English

    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

    VLC media player 1.1.11

    Web Deployment Tool

    Windows Driver Package - ITE Tech.Inc. (itecir) HIDClass (05/01/2009 5.1.0000.1)

    Windows Movie Maker 6.1

    WinRAR 4.01 (32-bit)

    World of Warcraft

    XSplit

    .

    ==== Event Viewer Messages From Past Week ========

    .

    11/21/2012 7:28:15 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

    11/21/2012 7:28:15 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

    11/21/2012 3:46:31 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    11/21/2012 3:46:31 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

    11/21/2012 3:44:19 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

    11/21/2012 3:44:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Alienware Fusion Service service to connect.

    11/21/2012 3:44:18 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

    11/21/2012 3:44:18 PM, Error: Service Control Manager [7000] - The Alienware Fusion Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    11/21/2012 3:43:51 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

    11/20/2012 5:38:20 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

    11/18/2012 5:35:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.

    11/18/2012 5:35:43 PM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    11/18/2012 5:35:42 PM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    .

    ==== End Of File ===========================

    Malwarebytes log

    =======================================

    Malwarebytes Anti-Malware 1.65.1.1000

    www.malwarebytes.org

    Database version: v2012.11.20.08

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 8.0.7601.17514

    Ghostshell :: GHOSTSHELL-PC [administrator]

    11/21/2012 9:25:59 PM

    mbam-log-2012-11-21 (21-25-59).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 267330

    Time elapsed: 7 minute(s), 46 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 1

    HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> No action taken.

    Registry Values Detected: 1

    HKCU\Software\InstalledBrowserExtensions\215 Apps|4493 (PUP.CrossFire.SA) -> Data: Coupon Companion -> No action taken.

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 3

    C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

    C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

    C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

    (end)

  8. Seems good, thank you very much for the help!

    Malwarebytes Anti-Malware 1.62.0.1300

    www.malwarebytes.org

    Database version: v2012.08.07.05

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 8.0.7601.17514

    Ghostshell :: GHOSTSHELL-PC [administrator]

    8/10/2012 3:01:23 PM

    mbam-log-2012-08-10 (15-01-23).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 244237

    Time elapsed: 4 minute(s), 21 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

  9. The scan ran fine, but after the restart it said do not open any programs until after it is finished, which was fine; the log came up. But now I cannot open programs such as Mozilla or Internet Explorer; I get this message:

    c:\Program Files (x86)\Mozilla Firefox\firefox.exe

    Illegal operation attempted on a registry key that has been marked for deletion.

    Saved log on flash drive and posting on another computer.

    ComboFix 12-08-09.01 - Ghostshell 08/10/2012 14:28:36.2.8 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8181.6476 [GMT -7:00]

    Running from: c:\users\Ghostshell\Desktop\ComboFix.exe

    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\programdata\ntuser.dat

    c:\windows\svchost.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))

    .

    .

    2012-08-10 21:36 . 2012-08-10 21:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

    2012-08-10 21:36 . 2012-08-10 21:36 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-08-10 21:08 . 2012-08-10 21:08 -------- d-----w- C:\FRST

    2012-08-08 18:16 . 2012-08-08 18:20 -------- d-----w- c:\users\Ghostshell\AppData\Roaming\FileZilla

    2012-08-04 02:45 . 2012-08-04 02:45 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\EBFC.tmp

    2012-08-04 02:45 . 2012-08-04 02:45 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\EBFB.tmp

    2012-08-02 03:48 . 2012-08-02 03:48 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\4158.tmp

    2012-08-01 18:18 . 2012-08-01 18:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-08-01 18:18 . 2012-08-01 18:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-07-30 22:36 . 2012-07-30 22:36 -------- d-----w- c:\users\Ghostshell\AppData\Local\Macromedia

    2012-07-21 18:44 . 2012-07-21 18:44 -------- d-----w- c:\users\Ghostshell\AppData\Roaming\libimobiledevice

    2012-07-21 18:44 . 2012-08-02 01:43 -------- d-----w- c:\program files (x86)\Tansee iPhone Transfer Contact

    2012-07-21 18:43 . 2012-08-04 03:16 -------- d-----w- c:\users\Ghostshell\AppData\Roaming\GetRightToGo

    2012-07-21 16:10 . 2012-07-21 16:10 -------- d-----w- c:\program files\iPod

    2012-07-21 16:10 . 2012-07-21 16:11 -------- d-----w- c:\program files\iTunes

    2012-07-21 16:10 . 2012-07-21 16:11 -------- d-----w- c:\program files (x86)\iTunes

    2012-07-21 16:08 . 2012-07-21 16:08 -------- d-----w- c:\program files\Bonjour

    2012-07-21 16:08 . 2012-07-21 16:08 -------- d-----w- c:\program files (x86)\Bonjour

    2012-07-20 09:17 . 2012-07-20 09:17 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\692D.tmp

    2012-07-19 04:54 . 2012-07-19 04:54 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE

    2012-07-18 21:09 . 2012-07-19 04:52 -------- d-----w- c:\users\Ghostshell\AppData\Roaming\Clipdiary

    2012-07-18 06:03 . 2012-07-18 06:03 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\C2B3.tmp

    2012-07-18 04:22 . 2012-08-10 21:07 -------- d-----w- C:\TDSSKiller_Quarantine

    2012-07-18 03:06 . 2012-07-18 05:22 -------- d-----w- c:\program files (x86)\Diablo III

    2012-07-18 03:05 . 2012-07-18 03:05 -------- d-----w- c:\programdata\Battle.net

    2012-07-16 20:45 . 2012-07-16 20:45 -------- d-----w- c:\users\UpdatusUser.Ghostshell-PC

    2012-07-16 20:44 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe

    2012-07-16 20:44 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll

    2012-07-16 20:44 . 2012-05-15 09:29 2561856 ----a-w- c:\windows\system32\nvsvcr.dll

    2012-07-16 20:44 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll

    2012-07-16 20:44 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll

    2012-07-16 20:44 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll

    2012-07-16 20:43 . 2012-07-16 20:43 -------- d-----w- c:\programdata\NVIDIA Corporation

    2012-07-16 09:48 . 2012-07-16 09:48 -------- d-----w- c:\program files (x86)\OApps

    2012-07-16 09:48 . 2012-07-16 09:48 -------- d-----w- c:\program files (x86)\TorrentSearch

    2012-07-16 09:47 . 2012-07-18 22:02 -------- d-----w- c:\program files (x86)\smartdl

    2012-07-13 20:07 . 2012-07-13 20:06 372736 ----a-w- c:\windows\system32\NVUNINST.EXE

    2012-07-13 20:07 . 2007-07-03 23:41 978944 ----a-w- c:\windows\system32\msvcp71.dll

    2012-07-13 20:07 . 2007-07-03 23:41 520192 ----a-w- c:\windows\system32\msvcr71.dll

    2012-07-13 20:07 . 2007-07-03 23:41 1524736 ----a-w- c:\windows\system32\MFC71.dll

    2012-07-13 20:07 . 2007-06-26 05:21 403456 ----a-w- c:\windows\system32\nvcpl.cpl

    2012-07-13 20:07 . 2007-06-26 05:21 2065920 ----a-w- c:\windows\system32\nvcplUI.exe

    2012-07-13 20:07 . 2007-06-26 05:21 1064448 ----a-w- c:\windows\system32\nvcplUIR.dll

    2012-07-13 20:07 . 2007-06-26 05:21 381952 ----a-w- c:\windows\system32\nvexpBar.dll

    2012-07-13 20:07 . 2012-07-13 20:07 -------- d-----w- c:\users\Ghostshell\AppData\Local\NVIDIA Corporation

    2012-07-13 20:06 . 2012-07-13 20:06 -------- d-----w- c:\program files (x86)\Common Files\InstallShield

    2012-07-13 20:05 . 2012-07-13 20:05 -------- d-----w- c:\program files (x86)\NVIDIA nTune Performance Application

    2012-07-12 19:53 . 2012-04-18 17:08 31040 ----a-w- c:\windows\system32\nvhdap64.dll

    2012-07-12 19:53 . 2012-04-18 17:08 188736 ----a-w- c:\windows\system32\drivers\nvhda64v.sys

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-07-03 20:46 . 2011-09-02 01:05 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-05-29 06:59 . 2012-02-14 19:11 2478272 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

    2012-05-15 10:48 . 2012-05-14 21:09 68928 ----a-w- c:\windows\system32\OpenCL.dll

    2012-05-15 10:48 . 2012-05-14 21:09 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

    2012-05-15 10:48 . 2012-05-14 21:09 1738048 ----a-w- c:\windows\system32\nvdispco64.dll

    2012-05-15 10:48 . 2012-05-14 21:09 1468224 ----a-w- c:\windows\system32\nvgenco64.dll

    2012-05-15 10:48 . 2012-05-14 21:09 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll

    2012-05-15 09:21 . 2012-05-15 09:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 94208 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 94208 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 94208 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]

    "YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-02-25 136488]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Stardock MyColors.lnk - c:\program files (x86)\Stardock\MyColors\SDDelayedLaunch.exe [2009-12-15 11520]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

    2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Notification Packages REG_MULTI_SZ scecli FAPassSync

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    @=""

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]

    R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 12672]

    R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]

    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]

    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]

    R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2009-05-25 966144]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]

    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-01 1255736]

    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]

    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2009-03-03 89600]

    S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]

    S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]

    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]

    S2 HappyOSD;HappyOSD;c:\program files (x86)\OSD\OSD_Service.exe [2010-01-04 16384]

    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

    S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-02 20984]

    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]

    S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-06-22 273072]

    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2009-03-09 60416]

    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]

    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

    .

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-08-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000Core.job

    - c:\users\Ghostshell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-24 22:10]

    .

    2012-08-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000UA.job

    - c:\users\Ghostshell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-24 22:10]

    .

    2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000Core.job

    - c:\users\Ghostshell\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-27 01:17]

    .

    2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000UA.job

    - c:\users\Ghostshell\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-27 01:17]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]

    "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]

    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-09-16 487424]

    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://isearch.avg.com/?cid={66452CD3-7FAD-429C-82D2-C6A90D55E54A}&mid=500452e994ba47d1b4dd787cac9f0712-48643e70690374b37bf2810e9fd57bd51de19c8a&lang=en&ds=ft011&pr=sa&d=2012-07-06 23:20&v=11.1.0.12&sap=hp

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    TCP: DhcpNameServer = 192.168.1.1

    FF - ProfilePath - c:\users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\

    FF - prefs.js: browser.startup.homepage - about:home

    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=

    FF - user.js: extensions.incredibar_i.newTab - false

    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8fAMlSQM&loc=IB_TB&i=26&search=

    FF - user.js: extensions.incredibar_i.id - 32b459e3000000000000c446192559ba

    FF - user.js: extensions.incredibar_i.hardId - 32b459e3000000000000c446192559ba

    FF - user.js: extensions.incredibar_i.instlDay - 15341

    FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27

    FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27

    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2721:50

    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

    FF - user.js: extensions.incredibar_i.prdct - incredibar

    FF - user.js: extensions.incredibar_i.aflt - orgnl

    FF - user.js: extensions.incredibar_i.smplGrp - none

    FF - user.js: extensions.incredibar_i.tlbrId - base

    FF - user.js: extensions.incredibar_i.instlRef -

    FF - user.js: extensions.incredibar_i.dfltLng -

    FF - user.js: extensions.incredibar_i.excTlbr - false

    FF - user.js: extensions.incredibar_i.ms_url_id -

    FF - user.js: extensions.incredibar_i.upn2 - 6R8fAMlSQM

    FF - user.js: extensions.incredibar_i.upn2n - 92823603489226040

    FF - user.js: extensions.incredibar_i.productid - 26

    FF - user.js: extensions.incredibar_i.installerproductid - 26

    FF - user.js: extensions.incredibar_i.did - 10589

    FF - user.js: extensions.incredibar_i.ppd -

    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Wow6432Node-HKLM-Run-FAStartup - (no file)

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\ñ*4%%d"*²*Æ

    !#H*K*X%]

    "Successes"=dword:e0000000

    "Failures"=dword:e0000001

    "{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}"=hex:00,18,f8,7c,33,3b

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files\Alienware\Command Center\AlienFusionController.exe

    .

    **************************************************************************

    .

    Completion time: 2012-08-10 14:46:03 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-08-10 21:46

    .

    Pre-Run: 87,516,626,944 bytes free

    Post-Run: 87,212,793,856 bytes free

    .

    - - End Of File - - 0860E11031C8BD71FC09252D7183CEFE

  10. TDSSKiller.2.7.48.0_10.08.2012_13.47.02_log

    13:47:02.0910 6000 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

    13:47:03.0406 6000 ============================================================

    13:47:03.0406 6000 Current date / time: 2012/08/10 13:47:03.0406

    13:47:03.0406 6000 SystemInfo:

    13:47:03.0406 6000

    13:47:03.0407 6000 OS Version: 6.1.7601 ServicePack: 1.0

    13:47:03.0407 6000 Product type: Workstation

    13:47:03.0407 6000 ComputerName: GHOSTSHELL-PC

    13:47:03.0407 6000 UserName: Ghostshell

    13:47:03.0407 6000 Windows directory: C:\Windows

    13:47:03.0407 6000 System windows directory: C:\Windows

    13:47:03.0407 6000 Running under WOW64

    13:47:03.0407 6000 Processor architecture: Intel x64

    13:47:03.0407 6000 Number of processors: 8

    13:47:03.0407 6000 Page size: 0x1000

    13:47:03.0407 6000 Boot type: Normal boot

    13:47:03.0407 6000 ============================================================

    13:47:05.0815 6000 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    13:47:05.0823 6000 Drive \Device\Harddisk1\DR1 - Size: 0x77200000 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

    13:47:05.0827 6000 ============================================================

    13:47:05.0827 6000 \Device\Harddisk0\DR0:

    13:47:05.0828 6000 MBR partitions:

    13:47:05.0828 6000 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

    13:47:05.0828 6000 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800

    13:47:05.0828 6000 \Device\Harddisk1\DR1:

    13:47:05.0829 6000 MBR partitions:

    13:47:05.0829 6000 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x3B8FE0

    13:47:05.0829 6000 ============================================================

    13:47:05.0882 6000 C: <-> \Device\Harddisk0\DR0\Partition1

    13:47:05.0882 6000 ============================================================

    13:47:05.0882 6000 Initialize success

    13:47:05.0882 6000 ============================================================

    13:47:31.0809 5132 ============================================================

    13:47:31.0809 5132 Scan started

    13:47:31.0809 5132 Mode: Manual; SigCheck; TDLFS;

    13:47:31.0809 5132 ============================================================

    13:47:32.0776 5132 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

    13:47:32.0903 5132 1394ohci - ok

    13:47:32.0940 5132 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

    13:47:32.0962 5132 ACPI - ok

    13:47:32.0979 5132 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

    13:47:33.0056 5132 AcpiPmi - ok

    13:47:33.0244 5132 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    13:47:33.0255 5132 AdobeARMservice - ok

    13:47:33.0328 5132 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

    13:47:33.0356 5132 adp94xx - ok

    13:47:33.0402 5132 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

    13:47:33.0427 5132 adpahci - ok

    13:47:33.0467 5132 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

    13:47:33.0485 5132 adpu320 - ok

    13:47:33.0518 5132 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

    13:47:33.0658 5132 AeLookupSvc - ok

    13:47:33.0926 5132 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe

    13:47:33.0986 5132 AESTFilters - ok

    13:47:34.0488 5132 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

    13:47:34.0548 5132 AFD - ok

    13:47:34.0601 5132 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

    13:47:34.0612 5132 agp440 - ok

    13:47:34.0655 5132 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

    13:47:34.0699 5132 ALG - ok

    13:47:34.0797 5132 AlienFusionService (a99e57669390f265d25288c8ba042d78) C:\Program Files\Alienware\Command Center\AlienFusionService.exe

    13:47:34.0804 5132 AlienFusionService - ok

    13:47:34.0828 5132 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

    13:47:34.0840 5132 aliide - ok

    13:47:34.0849 5132 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

    13:47:34.0859 5132 amdide - ok

    13:47:34.0892 5132 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

    13:47:34.0940 5132 AmdK8 - ok

    13:47:34.0956 5132 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

    13:47:34.0992 5132 AmdPPM - ok

    13:47:35.0037 5132 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys

    13:47:35.0049 5132 amdsata - ok

    13:47:35.0071 5132 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

    13:47:35.0093 5132 amdsbs - ok

    13:47:35.0110 5132 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys

    13:47:35.0119 5132 amdxata - ok

    13:47:35.0201 5132 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

    13:47:35.0396 5132 AppID - ok

    13:47:35.0430 5132 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

    13:47:35.0481 5132 AppIDSvc - ok

    13:47:35.0533 5132 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

    13:47:35.0572 5132 Appinfo - ok

    13:47:35.0705 5132 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    13:47:35.0713 5132 Apple Mobile Device - ok

    13:47:35.0774 5132 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

    13:47:35.0786 5132 arc - ok

    13:47:35.0804 5132 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

    13:47:35.0816 5132 arcsas - ok

    13:47:36.0013 5132 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    13:47:36.0024 5132 aspnet_state - ok

    13:47:36.0066 5132 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

    13:47:36.0129 5132 AsyncMac - ok

    13:47:36.0149 5132 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

    13:47:36.0159 5132 atapi - ok

    13:47:36.0251 5132 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

    13:47:36.0335 5132 AudioEndpointBuilder - ok

    13:47:36.0340 5132 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

    13:47:36.0374 5132 AudioSrv - ok

    13:47:38.0639 5132 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

    13:47:38.0756 5132 AVGIDSAgent - ok

    13:47:39.0970 5132 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

    13:47:40.0014 5132 AVGIDSDriver - ok

    13:47:40.0164 5132 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

    13:47:40.0172 5132 AVGIDSEH - ok

    13:47:40.0262 5132 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

    13:47:40.0269 5132 AVGIDSFilter - ok

    13:47:40.0592 5132 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys

    13:47:40.0602 5132 Avgldx64 - ok

    13:47:40.0643 5132 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys

    13:47:40.0650 5132 Avgmfx64 - ok

    13:47:40.0686 5132 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys

    13:47:40.0694 5132 Avgrkx64 - ok

    13:47:40.0770 5132 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys

    13:47:40.0782 5132 Avgtdia - ok

    13:47:41.0290 5132 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

    13:47:41.0310 5132 avgwd - ok

    13:47:41.0369 5132 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

    13:47:41.0448 5132 AxInstSV - ok

    13:47:41.0545 5132 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

    13:47:41.0613 5132 b06bdrv - ok

    13:47:41.0669 5132 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

    13:47:41.0730 5132 b57nd60a - ok

    13:47:41.0833 5132 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys

    13:47:41.0840 5132 BCM42RLY - ok

    13:47:43.0306 5132 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys

    13:47:43.0350 5132 BCM43XX - ok

    13:47:43.0660 5132 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys

    13:47:43.0667 5132 BcmVWL - ok

    13:47:43.0714 5132 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

    13:47:43.0747 5132 BDESVC - ok

    13:47:43.0776 5132 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

    13:47:43.0825 5132 Beep - ok

    13:47:43.0868 5132 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

    13:47:43.0898 5132 blbdrive - ok

    13:47:44.0653 5132 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

    13:47:44.0673 5132 Bonjour Service - ok

    13:47:44.0734 5132 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

    13:47:44.0780 5132 bowser - ok

    13:47:44.0808 5132 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

    13:47:44.0876 5132 BrFiltLo - ok

    13:47:44.0906 5132 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

    13:47:44.0938 5132 BrFiltUp - ok

    13:47:44.0999 5132 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

    13:47:45.0047 5132 BridgeMP - ok

    13:47:45.0338 5132 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

    13:47:45.0426 5132 Browser - ok

    13:47:45.0454 5132 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

    13:47:45.0506 5132 Brserid - ok

    13:47:45.0525 5132 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

    13:47:45.0554 5132 BrSerWdm - ok

    13:47:45.0570 5132 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

    13:47:45.0594 5132 BrUsbMdm - ok

    13:47:45.0612 5132 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

    13:47:45.0658 5132 BrUsbSer - ok

    13:48:02.0052 5132 HappyOSD (8cd92502fec49e837155b9f20e5e2d2c) C:\Program Files (x86)\OSD\OSD_Service.exe

    13:48:02.0068 5132 HappyOSD ( UnsignedFile.Multi.Generic ) - warning

    13:48:02.0068 5132 HappyOSD - detected UnsignedFile.Multi.Generic (1)

    13:48:02.0962 5132 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

    13:48:03.0127 5132 hcw85cir - ok

    13:48:03.0948 5132 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

    13:48:03.0990 5132 HdAudAddService - ok

    13:48:04.0219 5132 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

    13:48:04.0256 5132 HDAudBus - ok

    13:48:04.0290 5132 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

    13:48:04.0318 5132 HidBatt - ok

    13:48:04.0336 5132 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

    13:48:04.0377 5132 HidBth - ok

    13:48:04.0435 5132 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

    13:48:04.0454 5132 HidIr - ok

    13:48:04.0485 5132 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

    13:48:04.0525 5132 hidserv - ok

    13:48:04.0563 5132 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

    13:48:04.0589 5132 HidUsb - ok

    13:48:04.0738 5132 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

    13:48:04.0799 5132 hkmsvc - ok

    13:48:04.0948 5132 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

    13:48:04.0998 5132 HomeGroupListener - ok

    13:48:05.0025 5132 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

    13:48:05.0101 5132 HomeGroupProvider - ok

    13:48:05.0159 5132 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

    13:48:05.0198 5132 HpSAMD - ok

    13:48:05.0258 5132 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

    13:48:05.0324 5132 HTTP - ok

    13:48:05.0372 5132 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

    13:48:05.0383 5132 hwpolicy - ok

    13:48:05.0418 5132 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

    13:48:05.0434 5132 i8042prt - ok

    13:48:05.0483 5132 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys

    13:48:05.0510 5132 iaStorV - ok

    13:48:05.0990 5132 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

    13:48:06.0045 5132 idsvc - ok

    13:48:06.0066 5132 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

    13:48:06.0080 5132 iirsp - ok

    13:48:06.0829 5132 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

    13:48:06.0896 5132 IKEEXT - ok

    13:48:06.0931 5132 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

    13:48:06.0942 5132 intelide - ok

    13:48:07.0017 5132 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

    13:48:07.0050 5132 intelppm - ok

    13:48:07.0079 5132 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

    13:48:07.0127 5132 IPBusEnum - ok

    13:48:07.0197 5132 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

    13:48:07.0240 5132 IpFilterDriver - ok

    13:48:07.0269 5132 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

    13:48:07.0303 5132 IPMIDRV - ok

    13:48:07.0354 5132 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

    13:48:07.0411 5132 IPNAT - ok

    13:48:07.0550 5132 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe

    13:48:07.0589 5132 iPod Service - ok

    13:48:07.0607 5132 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

    13:48:07.0666 5132 IRENUM - ok

    13:48:07.0692 5132 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

    13:48:07.0705 5132 isapnp - ok

    13:48:07.0799 5132 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

    13:48:07.0845 5132 iScsiPrt - ok

    13:48:07.0881 5132 itecir (9291643b494f87bfdac95a524f69e737) C:\Windows\system32\DRIVERS\itecir.sys

    13:48:07.0913 5132 itecir - ok

    13:48:07.0938 5132 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

    13:48:07.0951 5132 kbdclass - ok

    13:48:08.0006 5132 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

    13:48:08.0027 5132 kbdhid - ok

    13:48:08.0064 5132 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

    13:48:08.0078 5132 KeyIso - ok

    13:48:08.0197 5132 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

    13:48:08.0217 5132 KSecDD - ok

    13:48:08.0443 5132 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

    13:48:08.0455 5132 KSecPkg - ok

    13:48:08.0471 5132 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

    13:48:08.0512 5132 ksthunk - ok

    13:48:08.0559 5132 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

    13:48:08.0626 5132 KtmRm - ok

    13:48:08.0709 5132 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

    13:48:08.0757 5132 LanmanServer - ok

    13:48:08.0815 5132 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

    13:48:08.0860 5132 LanmanWorkstation - ok

    13:48:08.0888 5132 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

    13:48:08.0932 5132 lltdio - ok

    13:48:09.0036 5132 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

    13:48:09.0084 5132 lltdsvc - ok

    13:48:09.0124 5132 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

    13:48:09.0158 5132 lmhosts - ok

    13:48:09.0187 5132 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

    13:48:09.0201 5132 LSI_FC - ok

    13:48:09.0214 5132 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

    13:48:09.0231 5132 LSI_SAS - ok

    13:48:09.0250 5132 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

    13:48:09.0266 5132 LSI_SAS2 - ok

    13:48:09.0298 5132 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

    13:48:09.0313 5132 LSI_SCSI - ok

    13:48:09.0331 5132 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

    13:48:09.0389 5132 luafv - ok

    13:48:09.0423 5132 ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys

    13:48:09.0457 5132 ManyCam - ok

    13:48:09.0540 5132 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

    13:48:09.0566 5132 Mcx2Svc - ok

    13:48:09.0585 5132 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

    13:48:09.0599 5132 megasas - ok

    13:48:09.0626 5132 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

    13:48:09.0645 5132 MegaSR - ok

    13:48:09.0746 5132 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

    13:48:09.0810 5132 MMCSS - ok

    13:48:09.0822 5132 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

    13:48:09.0875 5132 Modem - ok

    13:48:09.0898 5132 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

    13:48:09.0927 5132 monitor - ok

    13:48:09.0960 5132 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

    13:48:09.0974 5132 mouclass - ok

    13:48:10.0043 5132 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

    13:48:10.0066 5132 mouhid - ok

    13:48:10.0115 5132 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

    13:48:10.0130 5132 mountmgr - ok

    13:48:10.0343 5132 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    13:48:10.0356 5132 MozillaMaintenance - ok

    13:48:10.0389 5132 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

    13:48:10.0405 5132 mpio - ok

    13:48:10.0512 5132 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

    13:48:10.0577 5132 mpsdrv - ok

    13:48:10.0621 5132 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

    13:48:10.0658 5132 MRxDAV - ok

    13:48:10.0751 5132 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

    13:48:10.0799 5132 mrxsmb - ok

    13:48:10.0836 5132 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

    13:48:10.0878 5132 mrxsmb10 - ok

    13:48:10.0899 5132 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

    13:48:10.0934 5132 mrxsmb20 - ok

    13:48:10.0962 5132 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

    13:48:10.0974 5132 msahci - ok

    13:48:11.0040 5132 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

    13:48:11.0054 5132 msdsm - ok

    13:48:11.0399 5132 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

    13:48:11.0455 5132 MSDTC - ok

    13:48:11.0497 5132 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

    13:48:11.0539 5132 Msfs - ok

    13:48:11.0575 5132 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

    13:48:11.0628 5132 mshidkmdf - ok

    13:48:11.0730 5132 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

    13:48:11.0741 5132 msisadrv - ok

    13:48:12.0122 5132 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

    13:48:12.0185 5132 MSiSCSI - ok

    13:48:12.0188 5132 msiserver - ok

    13:48:12.0254 5132 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

    13:48:12.0300 5132 MSKSSRV - ok

    13:48:12.0342 5132 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

    13:48:12.0424 5132 MSPCLOCK - ok

    13:48:12.0457 5132 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

    13:48:12.0509 5132 MSPQM - ok

    13:48:13.0148 5132 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

    13:48:13.0226 5132 MsRPC - ok

    13:48:13.0250 5132 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

    13:48:13.0261 5132 mssmbios - ok

    13:48:13.0413 5132 MSSQL$SQLEXPRESS - ok

    13:48:13.0766 5132 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

    13:48:13.0809 5132 MSSQLServerADHelper100 - ok

    13:48:13.0832 5132 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

    13:48:13.0892 5132 MSTEE - ok

    13:48:13.0916 5132 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

    13:48:13.0938 5132 MTConfig - ok

    13:48:13.0956 5132 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

    13:48:13.0971 5132 Mup - ok

    13:48:14.0107 5132 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

    13:48:14.0163 5132 napagent - ok

    13:48:14.0218 5132 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

    13:48:14.0248 5132 NativeWifiP - ok

    13:48:15.0124 5132 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

    13:48:15.0163 5132 NDIS - ok

    13:48:15.0192 5132 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

    13:48:15.0244 5132 NdisCap - ok

    13:48:15.0269 5132 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

    13:48:15.0305 5132 NdisTapi - ok

    13:48:15.0391 5132 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

    13:48:15.0440 5132 Ndisuio - ok

    13:48:15.0843 5132 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

    13:48:15.0905 5132 NdisWan - ok

    13:48:15.0930 5132 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

    13:48:15.0978 5132 NDProxy - ok

    13:48:16.0061 5132 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

    13:48:16.0151 5132 NetBIOS - ok

    13:48:16.0758 5132 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

    13:48:16.0838 5132 NetBT - ok

    13:48:16.0911 5132 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

    13:48:16.0927 5132 Netlogon - ok

    13:48:17.0162 5132 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

    13:48:17.0245 5132 Netman - ok

    13:48:18.0213 5132 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    13:48:18.0229 5132 NetMsmqActivator - ok

    13:48:18.0250 5132 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    13:48:18.0261 5132 NetPipeActivator - ok

    13:48:18.0320 5132 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

    13:48:18.0385 5132 netprofm - ok

    13:48:19.0230 5132 netr28ux (883269c1ca478658f1334f3c39b0c7ac) C:\Windows\system32\DRIVERS\netr28ux.sys

    13:48:19.0292 5132 netr28ux - ok

    13:48:19.0658 5132 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    13:48:19.0669 5132 NetTcpActivator - ok

    13:48:19.0672 5132 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    13:48:19.0683 5132 NetTcpPortSharing - ok

    13:48:19.0724 5132 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

    13:48:19.0738 5132 nfrd960 - ok

    13:48:19.0816 5132 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

    13:48:19.0893 5132 NlaSvc - ok

    13:48:19.0947 5132 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

    13:48:19.0993 5132 Npfs - ok

    13:48:20.0054 5132 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

    13:48:20.0101 5132 nsi - ok

    13:48:20.0119 5132 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

    13:48:20.0172 5132 nsiproxy - ok

    13:48:20.0992 5132 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys

    13:48:21.0061 5132 Ntfs - ok

    13:48:21.0219 5132 nTuneService - ok

    13:48:21.0413 5132 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

    13:48:21.0496 5132 Null - ok

    13:48:21.0696 5132 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys

    13:48:21.0709 5132 NVHDA - ok

    13:48:28.0114 5132 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys

    13:48:28.0298 5132 nvlddmkm - ok

    13:48:28.0368 5132 NVR0Dev (241a095631570a9cef4f126c87605c60) C:\Windows\nvoclk64.sys

    13:48:28.0376 5132 NVR0Dev - ok

    13:48:28.0490 5132 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys

    13:48:28.0511 5132 nvraid - ok

    13:48:28.0529 5132 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys

    13:48:28.0549 5132 nvstor - ok

    13:48:28.0659 5132 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe

    13:48:28.0708 5132 nvsvc - ok

    13:48:28.0975 5132 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    13:48:29.0030 5132 nvUpdatusService - ok

    13:48:29.0167 5132 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

    13:48:29.0188 5132 nv_agp - ok

    13:48:29.0215 5132 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

    13:48:29.0239 5132 ohci1394 - ok

    13:48:29.0275 5132 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

    13:48:29.0327 5132 p2pimsvc - ok

    13:48:29.0504 5132 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

    13:48:29.0551 5132 p2psvc - ok

    13:48:29.0576 5132 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

    13:48:29.0604 5132 Parport - ok

    13:48:29.0653 5132 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

    13:48:29.0665 5132 partmgr - ok

    13:48:29.0683 5132 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

    13:48:29.0721 5132 PcaSvc - ok

    13:48:29.0762 5132 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

    13:48:29.0782 5132 pci - ok

    13:48:29.0809 5132 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

    13:48:29.0821 5132 pciide - ok

    13:48:29.0846 5132 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

    13:48:29.0872 5132 pcmcia - ok

    13:48:29.0886 5132 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

    13:48:29.0899 5132 pcw - ok

    13:48:29.0938 5132 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

    13:48:30.0004 5132 PEAUTH - ok

    13:48:30.0090 5132 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

    13:48:30.0116 5132 PerfHost - ok

    13:48:30.0454 5132 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

    13:48:30.0558 5132 pla - ok

    13:48:30.0635 5132 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

    13:48:30.0676 5132 PlugPlay - ok

    13:48:30.0692 5132 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

    13:48:30.0715 5132 PNRPAutoReg - ok

    13:48:30.0762 5132 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

    13:48:30.0778 5132 PNRPsvc - ok

    13:48:31.0421 5132 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

    13:48:31.0492 5132 PolicyAgent - ok

    13:48:31.0532 5132 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

    13:48:31.0585 5132 Power - ok

    13:48:31.0811 5132 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

    13:48:31.0868 5132 PptpMiniport - ok

    13:48:31.0936 5132 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

    13:48:31.0979 5132 Processor - ok

    13:48:32.0030 5132 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

    13:48:32.0102 5132 ProfSvc - ok

    13:48:32.0123 5132 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

    13:48:32.0137 5132 ProtectedStorage - ok

    13:48:32.0166 5132 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

    13:48:32.0207 5132 Psched - ok

    13:48:32.0434 5132 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

    13:48:32.0482 5132 ql2300 - ok

    13:48:32.0972 5132 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

    13:48:33.0008 5132 ql40xx - ok

    13:48:33.0061 5132 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

    13:48:33.0092 5132 QWAVE - ok

    13:48:33.0103 5132 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

    13:48:33.0131 5132 QWAVEdrv - ok

    13:48:33.0144 5132 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

    13:48:33.0191 5132 RasAcd - ok

    13:48:33.0284 5132 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

    13:48:33.0344 5132 RasAgileVpn - ok

    13:48:33.0419 5132 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

    13:48:33.0458 5132 RasAuto - ok

    13:48:33.0501 5132 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

    13:48:33.0538 5132 Rasl2tp - ok

    13:48:33.0570 5132 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

    13:48:33.0631 5132 RasMan - ok

    13:48:33.0667 5132 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

    13:48:33.0701 5132 RasPppoe - ok

    13:48:33.0725 5132 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

    13:48:33.0770 5132 RasSstp - ok

    13:48:33.0802 5132 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

    13:48:33.0856 5132 rdbss - ok

    13:48:33.0872 5132 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

    13:48:33.0894 5132 rdpbus - ok

    13:48:33.0912 5132 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

    13:48:33.0955 5132 RDPCDD - ok

    13:48:33.0975 5132 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

    13:48:34.0016 5132 RDPENCDD - ok

    13:48:34.0031 5132 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

    13:48:34.0072 5132 RDPREFMP - ok

    13:48:34.0122 5132 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

    13:48:34.0182 5132 RDPWD - ok

    13:48:34.0216 5132 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

    13:48:34.0240 5132 rdyboost - ok

    13:48:34.0275 5132 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

    13:48:34.0312 5132 RemoteAccess - ok

    13:48:34.0341 5132 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

    13:48:34.0392 5132 RemoteRegistry - ok

    13:48:34.0560 5132 rimmptsk (cb7c996f3878e936bfdd9cdfe6a3a987) C:\Windows\system32\DRIVERS\rimmpx64.sys

    13:48:34.0646 5132 rimmptsk - ok

    13:49:06.0067 5132 wltrysvc (de816a0624d54d68e1fb8a9028dcf81a) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

    13:49:06.0081 5132 wltrysvc ( UnsignedFile.Multi.Generic ) - warning

    13:49:06.0081 5132 wltrysvc - detected UnsignedFile.Multi.Generic (1)

    13:49:07.0020 5132 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

    13:49:07.0092 5132 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

    13:49:07.0092 5132 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

    13:49:07.0273 5132 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

    13:49:07.0273 5132 \Device\Harddisk0\DR0 - detected TDSS File System (1)

    13:49:07.0282 5132 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR1

    13:49:07.0889 5132 \Device\Harddisk1\DR1 - ok

    13:49:07.0906 5132 Boot (0x1200) (30d2389c7b05b11e67eb039f63acd4b8) \Device\Harddisk0\DR0\Partition0

    13:49:07.0917 5132 \Device\Harddisk0\DR0\Partition0 - ok

    13:49:07.0944 5132 Boot (0x1200) (a0a89077aa5b897f3231741f6e3f1496) \Device\Harddisk0\DR0\Partition1

    13:49:07.0953 5132 \Device\Harddisk0\DR0\Partition1 - ok

    13:49:07.0957 5132 Boot (0x1200) (7116c7025dd3681756ca9d3aa4727dc9) \Device\Harddisk1\DR1\Partition0

    13:49:07.0959 5132 \Device\Harddisk1\DR1\Partition0 - ok

    13:49:07.0959 5132 ============================================================

    13:49:07.0959 5132 Scan finished

    13:49:07.0959 5132 ============================================================

    13:49:07.0966 5820 Detected object count: 4

    13:49:07.0966 5820 Actual detected object count: 4

    13:50:09.0893 5820 HappyOSD ( UnsignedFile.Multi.Generic ) - skipped by user

    13:50:09.0893 5820 HappyOSD ( UnsignedFile.Multi.Generic ) - User select action: Skip

    13:50:09.0894 5820 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user

    13:50:09.0894 5820 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

    13:50:11.0159 5820 \Device\Harddisk0\DR0\# - copied to quarantine

    13:50:11.0160 5820 \Device\Harddisk0\DR0 - copied to quarantine

    13:50:11.0277 5820 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

    13:50:11.0281 5820 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

    13:50:11.0325 5820 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

    13:50:11.0334 5820 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

    13:50:11.0362 5820 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

    13:50:11.0378 5820 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

    13:50:11.0380 5820 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

    13:50:11.0381 5820 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

    13:50:11.0384 5820 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

    13:50:11.0387 5820 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

    13:50:11.0391 5820 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

    13:50:11.0393 5820 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

    13:50:11.0395 5820 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

    13:50:11.0421 5820 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

    13:50:11.0433 5820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

    13:50:11.0436 5820 \Device\Harddisk0\DR0 - ok

    13:50:11.0476 5820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

    13:50:11.0477 5820 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

    13:50:11.0477 5820 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

    13:50:13.0364 6008 Deinitialize success

  11. Fixlog.txt

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012

    Ran by SYSTEM at 2012-08-10 13:38:34 Run:1

    Running from F:\

    ==============================================

    C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996} moved successfully.

    C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996} moved successfully.

    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

    C:\Windows\System32\services.exe moved successfully.

    C:\Windows\erdnt\cache64\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====

  12. Alright here is the FRST.txt

    Scan result of Farbar Recovery Scan Tool Version: 09-08-2012

    Ran by SYSTEM at 10-08-2012 13:08:36

    Running from F:\

    Windows 7 Home Premium (X64) OS Language: English(US)

    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe" [63304 2010-05-21] (Alienware Corporation)

    HKLM\...\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)

    HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-09-15] (IDT, Inc.)

    HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2108200 2010-04-01] (Synaptics Incorporated)

    HKLM\...\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()

    HKLM-x32\...\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe [95560 2010-04-04] (Sensible Vision )

    HKLM-x32\...\Run: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe" [136488 2011-02-25] (CyberLink)

    HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2416480 2012-01-24] (AVG Technologies CZ, s.r.o.)

    HKLM-x32\...\Run: [FAStartup] [x]

    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1085000 2012-07-03] (Malwarebytes Corporation)

    Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\MyColors\fast64.dll [X]

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    Lsa: [Notification Packages] scecli

    FAPassSync

    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Stardock MyColors.lnk

    ShortcutTarget: Stardock MyColors.lnk -> C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe ()

    Startup: C:\Users\UpdatusUser\Start Menu\Programs\Startup\IconPackager.lnk

    ShortcutTarget: IconPackager.lnk -> C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (Stardock Corporation)

    ==================== Services (Whitelisted) ======

    2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)

    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [4433248 2011-10-12] (AVG Technologies CZ, s.r.o.)

    2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [192776 2011-08-02] (AVG Technologies CZ, s.r.o.)

    2 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2409800 2010-04-04] (Sensible Vision )

    2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-06-27] (LogMeIn Inc.)

    2 HappyOSD; C:\Program Files (x86)\OSD\OSD_Service.exe [16384 2010-01-04] ()

    2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [57617752 2009-03-30] (Microsoft Corporation)

    2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [180224 2007-09-04] (NVIDIA)

    4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [427880 2009-03-30] (Microsoft Corporation)

    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe [240640 2009-09-15] (IDT, Inc.)

    2 WindowBlinds; C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe [337200 2009-06-09] (Stardock Corporation)

    ========================== Drivers (Whitelisted) =============

    3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [120400 2011-07-11] (AVG Technologies CZ, s.r.o. )

    0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-07-11] (AVG Technologies CZ, s.r.o. )

    3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29776 2011-07-11] (AVG Technologies CZ, s.r.o. )

    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [283728 2011-10-07] (AVG Technologies CZ, s.r.o.)

    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [46672 2011-08-08] (AVG Technologies CZ, s.r.o.)

    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-09-13] (AVG Technologies CZ, s.r.o.)

    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [375376 2011-07-11] (AVG Technologies CZ, s.r.o.)

    3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [12672 2007-08-02] (Razer (Asia-Pacific) Pte Ltd)

    3 e1kexpress; C:\Windows\System32\DRIVERS\e1k62x64.sys [273072 2009-06-22] (Intel Corporation)

    3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)

    3 netr28ux; C:\Windows\System32\Drivers\netr28ux.sys [966144 2009-05-25] (Ralink Technology Corp.)

    3 NVR0Dev; \??\C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)

    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============

    2012-08-10 12:02 - 2012-08-10 12:02 - 01439703 ____A (Farbar) C:\Users\Ghostshell\Desktop\FRST64.exe

    2012-08-10 11:30 - 2012-08-10 11:30 - 00002501 ____A C:\Users\Ghostshell\Desktop\RKreport[1].txt

    2012-08-10 11:28 - 2012-08-10 11:30 - 00000000 ____D C:\Users\Ghostshell\Desktop\RK_Quarantine

    2012-08-10 11:28 - 2012-08-10 11:28 - 01558528 ____A C:\Users\Ghostshell\Desktop\RogueKiller.exe

    2012-08-10 11:11 - 2012-08-10 11:11 - 00027720 ____A C:\Users\Ghostshell\Desktop\Attach.txt

    2012-08-10 11:11 - 2012-08-10 11:11 - 00021645 ____A C:\Users\Ghostshell\Desktop\DDS.txt

    2012-08-09 17:44 - 2012-08-09 17:44 - 00607260 ____R (Swearware) C:\Users\Ghostshell\Desktop\dds.scr

    2012-08-09 16:57 - 2012-08-09 16:57 - 00000000 ____A C:\Users\Ghostshell\CD

    2012-08-09 16:19 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe

    2012-08-08 10:19 - 2012-08-08 10:20 - 00000600 ____A C:\Users\Ghostshell\AppData\Local\PUTTY.RND

    2012-08-08 10:16 - 2012-08-08 10:20 - 00000000 ____D C:\Users\Ghostshell\AppData\Roaming\FileZilla

    2012-08-08 10:15 - 2012-08-08 10:16 - 04518720 ____A (FileZilla Project) C:\Users\Ghostshell\Downloads\FileZilla_3.5.3_win32-setup.exe

    2012-08-08 10:13 - 2012-08-08 21:06 - 00000000 ____D C:\Users\Ghostshell\Desktop\Chicken

    2012-08-08 09:10 - 2012-08-09 17:01 - 00000560 ____A C:\Windows\setupact.log

    2012-08-08 09:10 - 2012-08-08 09:10 - 00001040 ____A C:\Windows\PFRO.log

    2012-08-08 09:10 - 2012-08-08 09:10 - 00000000 ____A C:\Windows\setuperr.log

    2012-08-07 12:37 - 2012-08-07 12:37 - 00034818 ____A C:\Users\Ghostshell\Documents\cc_20120807_133730.reg

    2012-08-03 19:17 - 2012-08-03 19:18 - 05021143 ____A C:\Windows\System32\Drivers\Cat.DB

    2012-08-03 19:06 - 2012-08-03 19:06 - 00367272 ____A (RegNow.com) C:\Users\Ghostshell\Downloads\Download_9.0.0.912sdasetup-regnow_201_Trial.exe

    2012-08-01 10:18 - 2012-08-01 10:18 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

    2012-08-01 10:18 - 2012-08-01 10:18 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    2012-07-30 14:36 - 2012-07-30 14:36 - 00000000 ____D C:\Users\Ghostshell\AppData\Local\Macromedia

    2012-07-30 14:28 - 2012-07-30 14:28 - 00290816 ____A (SUPERAntiSpyware.com) C:\Users\Ghostshell\Downloads\SASUNINST64.EXE

    2012-07-29 19:51 - 2012-07-29 19:53 - 76637445 ____A C:\Users\Ghostshell\Downloads\iLoL_Open_Beta_1.1.2_installer.dmg

    2012-07-28 16:33 - 2012-07-31 10:51 - 00000000 ____D C:\Users\Ghostshell\AppData\Local\Apps\Apple Computer

    2012-07-21 10:44 - 2012-08-01 17:43 - 00000000 ____D C:\Program Files (x86)\Tansee iPhone Transfer Contact

    2012-07-21 10:44 - 2012-07-21 10:44 - 00000000 ____D C:\Users\Ghostshell\Documents\Tansee

    2012-07-21 10:44 - 2012-07-21 10:44 - 00000000 ____D C:\Users\Ghostshell\AppData\Roaming\libimobiledevice

    2012-07-21 10:43 - 2012-08-03 19:16 - 00000000 ____D C:\Users\Ghostshell\AppData\Roaming\GetRightToGo

    2012-07-21 10:43 - 2012-07-21 10:43 - 00367272 ____A (RegNow.com) C:\Users\Ghostshell\Downloads\Download_tanseeiphonecontact_.exe

    2012-07-21 08:11 - 2012-07-21 08:11 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk

    2012-07-21 08:10 - 2012-07-21 08:11 - 00000000 ____D C:\Program Files\iTunes

    2012-07-21 08:10 - 2012-07-21 08:11 - 00000000 ____D C:\Program Files (x86)\iTunes

    2012-07-21 08:10 - 2012-07-21 08:10 - 00000000 ____D C:\Program Files\iPod

    2012-07-21 08:08 - 2012-07-21 08:08 - 00000000 ____D C:\Program Files\Bonjour

    2012-07-21 08:08 - 2012-07-21 08:08 - 00000000 ____D C:\Program Files (x86)\Bonjour

    2012-07-21 08:07 - 2012-07-21 08:07 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

    2012-07-21 08:07 - 2012-07-21 08:07 - 00000000 ____D C:\Program Files (x86)\QuickTime

    2012-07-18 21:58 - 2012-07-18 21:58 - 02686176 ____A (McAfee, Inc.) C:\Users\Ghostshell\Downloads\McAfeeScanAndRepair3_Release.exe

    2012-07-18 21:05 - 2012-07-18 21:05 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Ghostshell\Desktop\tdsskiller.exe

    2012-07-18 20:54 - 2012-07-18 20:54 - 00000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE

    2012-07-18 13:09 - 2012-07-18 20:52 - 00000000 ____D C:\Users\Ghostshell\AppData\Roaming\Clipdiary

    2012-07-18 13:08 - 2012-07-18 13:08 - 02689442 ____A C:\Users\Ghostshell\Downloads\clipdiary_3.4.exe

    2012-07-18 12:36 - 2012-07-18 12:36 - 18651528 ____A (SUPERAntiSpyware.com) C:\Users\Ghostshell\Downloads\SUPERAntiSpyware(1).exe

    2012-07-18 09:10 - 2012-07-18 09:10 - 18646144 ____A (SUPERAntiSpyware.com) C:\Users\Ghostshell\Downloads\SUPERAntiSpyware.exe

    2012-07-17 22:28 - 2012-07-17 22:28 - 00000000 ____D C:\Users\Ghostshell\Documents\Diablo III

    2012-07-17 20:31 - 2012-07-17 21:04 - 00000000 ____D C:\Windows\erdnt

    2012-07-17 20:22 - 2012-07-18 21:09 - 00000000 ____D C:\TDSSKiller_Quarantine

    2012-07-17 19:06 - 2012-07-17 21:22 - 00000000 ____D C:\Program Files (x86)\Diablo III

    2012-07-17 19:06 - 2012-07-17 19:06 - 00001189 ____A C:\Users\Public\Desktop\Diablo III.lnk

    2012-07-17 19:05 - 2012-07-17 19:05 - 00000000 ____D C:\Users\All Users\Battle.net

    2012-07-17 19:04 - 2012-07-17 19:05 - 40048208 ____A (Blizzard Entertainment) C:\Users\Ghostshell\Downloads\Diablo-III-Setup-enUS.exe

    2012-07-17 15:37 - 2012-07-17 15:37 - 00130802 ____A C:\Users\Ghostshell\Documents\cc_20120717_163659.reg

    2012-07-17 13:39 - 2012-07-17 13:39 - 00001127 ____A C:\Users\Ghostshell\Desktop\Malwarebytes Anti-Malware.lnk

    2012-07-16 19:15 - 2012-07-16 19:41 - 00000000 ____D C:\Users\Ghostshell\Downloads\Katy Perry - Teenage Dream

    2012-07-16 15:15 - 2012-07-16 15:15 - 00226433 ____A C:\Users\Ghostshell\Desktop\D3UnidPredict.zip

    2012-07-16 12:49 - 2012-05-15 02:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll

    2012-07-16 12:49 - 2012-05-15 02:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll

    2012-07-16 12:49 - 2012-05-15 02:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

    2012-07-16 12:49 - 2012-05-15 02:48 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll

    2012-07-16 12:49 - 2012-05-15 02:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

    2012-07-16 12:49 - 2012-05-15 02:48 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

    2012-07-16 12:49 - 2012-05-15 02:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys

    2012-07-16 12:49 - 2012-05-15 02:48 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll

    2012-07-16 12:49 - 2012-05-15 02:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll

    2012-07-16 12:49 - 2012-05-15 02:48 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

    2012-07-16 12:49 - 2012-05-15 02:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

    2012-07-16 12:49 - 2012-05-15 02:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll

    2012-07-16 12:49 - 2012-05-15 02:48 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll

    2012-07-16 12:49 - 2012-05-15 02:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll

    2012-07-16 12:49 - 2012-05-15 02:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

    2012-07-16 12:49 - 2012-05-15 02:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

    2012-07-16 12:46 - 2012-07-16 12:48 - 214613632 ____A (NVIDIA Corporation) C:\Users\Ghostshell\Downloads\301.42-notebook-win7-winvista-64bit-international-whql(1).exe

    2012-07-16 12:45 - 2012-07-16 12:45 - 00000020 ___SH C:\Users\UpdatusUser.Ghostshell-PC\ntuser.ini

    2012-07-16 12:45 - 2012-07-16 12:45 - 00000000 ____D C:\users\UpdatusUser.Ghostshell-PC

    2012-07-16 12:44 - 2012-05-15 01:29 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll

    2012-07-16 12:44 - 2012-05-15 01:29 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll

    2012-07-16 12:44 - 2012-05-15 01:29 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

    2012-07-16 12:44 - 2012-05-15 01:29 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll

    2012-07-16 12:44 - 2012-05-15 01:29 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll

    2012-07-16 12:44 - 2012-05-15 01:28 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll

    2012-07-16 12:43 - 2012-07-16 12:43 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation

    2012-07-16 01:48 - 2012-07-16 01:48 - 00000000 ____D C:\Program Files (x86)\TorrentSearch

    2012-07-16 01:47 - 2012-07-18 14:02 - 00000000 ____D C:\Program Files (x86)\smartdl

    2012-07-14 11:23 - 2012-07-14 11:23 - 03216374 ____A (Blizzard Entertainment) C:\Users\Ghostshell\Downloads\StarCraft_2_NA_en-US(2).exe

    2012-07-14 11:18 - 2012-07-14 11:18 - 03216374 ____A (Blizzard Entertainment) C:\Users\Ghostshell\Downloads\StarCraft_2_NA_en-US(1).exe

    2012-07-14 11:17 - 2012-07-14 11:17 - 00604032 ____A (SlimWare Utilities, Inc.) C:\Users\Ghostshell\Downloads\FixCleanerSetup.exe

    2012-07-13 12:07 - 2012-07-13 12:07 - 00000000 ____D C:\Users\Ghostshell\AppData\Local\NVIDIA Corporation

    2012-07-13 12:07 - 2012-07-13 12:06 - 00372736 ____A (NVIDIA Corporation) C:\Windows\System32\NVUNINST.EXE

    2012-07-13 12:07 - 2007-07-03 15:41 - 01524736 ____A (Microsoft Corporation) C:\Windows\System32\MFC71.dll

    2012-07-13 12:07 - 2007-07-03 15:41 - 00978944 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll

    2012-07-13 12:07 - 2007-07-03 15:41 - 00520192 ____A C:\Windows\System32\msvcr71.dll

    2012-07-13 12:07 - 2007-06-25 21:21 - 02065920 ____A C:\Windows\System32\nvcplUI.exe

    2012-07-13 12:07 - 2007-06-25 21:21 - 01064448 ____A (NVIDIA Corporation) C:\Windows\System32\nvcplUIR.dll

    2012-07-13 12:07 - 2007-06-25 21:21 - 00403456 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.cpl

    2012-07-13 12:07 - 2007-06-25 21:21 - 00381952 ____A (NVIDIA Corporation) C:\Windows\System32\nvexpBar.dll

    2012-07-13 12:05 - 2012-07-13 12:05 - 43265912 ____A (NVIDIA Corporation ) C:\Users\Ghostshell\Downloads\5.05.54.00_ntune_winxp_international.exe

    2012-07-13 12:05 - 2012-07-13 12:05 - 00000000 ____D C:\Program Files (x86)\NVIDIA nTune Performance Application

    2012-07-12 11:53 - 2012-04-18 09:08 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys

    2012-07-12 11:53 - 2012-04-18 09:08 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll

    2012-07-12 11:49 - 2012-07-12 11:51 - 214613632 ____A (NVIDIA Corporation) C:\Users\Ghostshell\Downloads\301.42-notebook-win7-winvista-64bit-international-whql.exe

    ============ 3 Months Modified Files ========================

    2012-08-10 12:02 - 2012-08-10 12:02 - 01439703 ____A (Farbar) C:\Users\Ghostshell\Desktop\FRST64.exe

    2012-08-10 11:56 - 2009-07-13 21:13 - 00869840 ____A C:\Windows\System32\PerfStringBackup.INI

    2012-08-10 11:30 - 2012-08-10 11:30 - 00002501 ____A C:\Users\Ghostshell\Desktop\RKreport[1].txt

    2012-08-10 11:28 - 2012-08-10 11:28 - 01558528 ____A C:\Users\Ghostshell\Desktop\RogueKiller.exe

    2012-08-10 11:27 - 2012-06-26 17:17 - 00000928 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000UA.job

    2012-08-10 11:15 - 2011-10-24 14:05 - 00000948 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000UA.job

    2012-08-10 11:11 - 2012-08-10 11:11 - 00027720 ____A C:\Users\Ghostshell\Desktop\Attach.txt

    2012-08-10 11:11 - 2012-08-10 11:11 - 00021645 ____A C:\Users\Ghostshell\Desktop\DDS.txt

    2012-08-09 18:34 - 2012-05-02 22:02 - 00011611 ____A C:\Users\Ghostshell\Desktop\Playlist Start.txt

    2012-08-09 17:44 - 2012-08-09 17:44 - 00607260 ____R (Swearware) C:\Users\Ghostshell\Desktop\dds.scr

    2012-08-09 17:08 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2012-08-09 17:08 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2012-08-09 17:01 - 2012-08-08 09:10 - 00000560 ____A C:\Windows\setupact.log

    2012-08-09 17:01 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

    2012-08-09 16:57 - 2012-08-09 16:57 - 00000000 ____A C:\Users\Ghostshell\CD

    2012-08-09 16:46 - 2009-07-13 21:08 - 00032554 ____A C:\Windows\Tasks\SCHEDLGU.TXT

    2012-08-09 16:17 - 2011-06-29 11:33 - 01422051 ____A C:\Windows\WindowsUpdate.log

    2012-08-09 15:27 - 2012-06-26 17:17 - 00000876 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000Core.job

    2012-08-09 14:27 - 2011-10-24 14:05 - 00000926 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000Core.job

    2012-08-08 10:20 - 2012-08-08 10:19 - 00000600 ____A C:\Users\Ghostshell\AppData\Local\PUTTY.RND

    2012-08-08 10:16 - 2012-08-08 10:15 - 04518720 ____A (FileZilla Project) C:\Users\Ghostshell\Downloads\FileZilla_3.5.3_win32-setup.exe

    2012-08-08 09:10 - 2012-08-08 09:10 - 00001040 ____A C:\Windows\PFRO.log

    2012-08-08 09:10 - 2012-08-08 09:10 - 00000000 ____A C:\Windows\setuperr.log

    2012-08-07 12:37 - 2012-08-07 12:37 - 00034818 ____A C:\Users\Ghostshell\Documents\cc_20120807_133730.reg

    2012-08-03 19:18 - 2012-08-03 19:17 - 05021143 ____A C:\Windows\System32\Drivers\Cat.DB

    2012-08-03 19:06 - 2012-08-03 19:06 - 00367272 ____A (RegNow.com) C:\Users\Ghostshell\Downloads\Download_9.0.0.912sdasetup-regnow_201_Trial.exe

    2012-08-01 10:18 - 2012-08-01 10:18 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

    2012-08-01 10:18 - 2012-08-01 10:18 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    2012-07-30 14:28 - 2012-07-30 14:28 - 00290816 ____A (SUPERAntiSpyware.com) C:\Users\Ghostshell\Downloads\SASUNINST64.EXE

    2012-07-29 19:53 - 2012-07-29 19:51 - 76637445 ____A C:\Users\Ghostshell\Downloads\iLoL_Open_Beta_1.1.2_installer.dmg

    2012-07-21 10:43 - 2012-07-21 10:43 - 00367272 ____A (RegNow.com) C:\Users\Ghostshell\Downloads\Download_tanseeiphonecontact_.exe

    2012-07-21 08:11 - 2012-07-21 08:11 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk

    2012-07-21 08:07 - 2012-07-21 08:07 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

    2012-07-18 21:58 - 2012-07-18 21:58 - 02686176 ____A (McAfee, Inc.) C:\Users\Ghostshell\Downloads\McAfeeScanAndRepair3_Release.exe

    2012-07-18 21:05 - 2012-07-18 21:05 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Ghostshell\Desktop\tdsskiller.exe

    2012-07-18 13:08 - 2012-07-18 13:08 - 02689442 ____A C:\Users\Ghostshell\Downloads\clipdiary_3.4.exe

    2012-07-18 12:36 - 2012-07-18 12:36 - 18651528 ____A (SUPERAntiSpyware.com) C:\Users\Ghostshell\Downloads\SUPERAntiSpyware(1).exe

    2012-07-18 09:10 - 2012-07-18 09:10 - 18646144 ____A (SUPERAntiSpyware.com) C:\Users\Ghostshell\Downloads\SUPERAntiSpyware.exe

    2012-07-17 20:45 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

    2012-07-17 20:43 - 2009-07-13 18:34 - 83361792 ____A C:\Windows\System32\config\SOFTWARE.bak

    2012-07-17 20:43 - 2009-07-13 18:34 - 20709376 ____A C:\Windows\System32\config\SYSTEM.bak

    2012-07-17 20:43 - 2009-07-13 18:34 - 04456448 ____A C:\Windows\System32\config\DEFAULT.bak

    2012-07-17 20:43 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak

    2012-07-17 20:43 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak

    2012-07-17 19:06 - 2012-07-17 19:06 - 00001189 ____A C:\Users\Public\Desktop\Diablo III.lnk

    2012-07-17 19:05 - 2012-07-17 19:04 - 40048208 ____A (Blizzard Entertainment) C:\Users\Ghostshell\Downloads\Diablo-III-Setup-enUS.exe

    2012-07-17 15:37 - 2012-07-17 15:37 - 00130802 ____A C:\Users\Ghostshell\Documents\cc_20120717_163659.reg

    2012-07-17 13:43 - 2012-07-07 21:35 - 00005342 ____A C:\Users\Ghostshell\Documents\startup.txt

    2012-07-17 13:39 - 2012-07-17 13:39 - 00001127 ____A C:\Users\Ghostshell\Desktop\Malwarebytes Anti-Malware.lnk

    2012-07-16 15:15 - 2012-07-16 15:15 - 00226433 ____A C:\Users\Ghostshell\Desktop\D3UnidPredict.zip

    2012-07-16 12:48 - 2012-07-16 12:46 - 214613632 ____A (NVIDIA Corporation) C:\Users\Ghostshell\Downloads\301.42-notebook-win7-winvista-64bit-international-whql(1).exe

    2012-07-16 12:45 - 2012-07-16 12:45 - 00000020 ___SH C:\Users\UpdatusUser.Ghostshell-PC\ntuser.ini

    2012-07-14 11:23 - 2012-07-14 11:23 - 03216374 ____A (Blizzard Entertainment) C:\Users\Ghostshell\Downloads\StarCraft_2_NA_en-US(2).exe

    2012-07-14 11:18 - 2012-07-14 11:18 - 03216374 ____A (Blizzard Entertainment) C:\Users\Ghostshell\Downloads\StarCraft_2_NA_en-US(1).exe

    2012-07-14 11:17 - 2012-07-14 11:17 - 00604032 ____A (SlimWare Utilities, Inc.) C:\Users\Ghostshell\Downloads\FixCleanerSetup.exe

    2012-07-13 12:06 - 2012-07-13 12:07 - 00372736 ____A (NVIDIA Corporation) C:\Windows\System32\NVUNINST.EXE

    2012-07-13 12:05 - 2012-07-13 12:05 - 43265912 ____A (NVIDIA Corporation ) C:\Users\Ghostshell\Downloads\5.05.54.00_ntune_winxp_international.exe

    2012-07-12 11:51 - 2012-07-12 11:49 - 214613632 ____A (NVIDIA Corporation) C:\Users\Ghostshell\Downloads\301.42-notebook-win7-winvista-64bit-international-whql.exe

    2012-07-08 16:58 - 2012-07-08 16:58 - 24646690 ____A C:\Users\Ghostshell\Downloads\8bp086.zip

    2012-07-08 14:59 - 2012-07-08 14:59 - 01483724 ____A C:\Users\Ghostshell\Downloads\SystemCheck_enUS.exe

    2012-07-07 18:41 - 2012-07-07 18:41 - 00123392 ____A (Microsoft) C:\Users\Ghostshell\Downloads\Diablo 3 Calculator 0_5_1.exe

    2012-07-06 22:31 - 2012-07-06 22:31 - 00671744 ____A C:\Users\Ghostshell\Downloads\SetupDoItAgain(20).msi

    2012-07-06 22:19 - 2012-07-06 22:19 - 00671744 ____A C:\Users\Ghostshell\Downloads\SetupDoItAgain.msi

    2012-07-03 12:46 - 2011-09-01 17:05 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

    2012-07-02 09:28 - 2012-03-21 10:23 - 00001037 ____A C:\Users\Ghostshell\Desktop\Dropbox.lnk

    2012-06-30 11:13 - 2012-06-30 11:11 - 54038807 ____A C:\Users\Ghostshell\Downloads\2009 Manga - Sehri Huzun.rar

    2012-06-30 09:56 - 2012-06-30 09:56 - 00780288 ____A (Chapley) C:\Users\Ghostshell\Downloads\TerrariForm(4).exe

    2012-06-30 09:55 - 2012-06-30 09:55 - 00780288 ____A (Chapley) C:\Users\Ghostshell\Downloads\TerrariForm(3).exe

    2012-06-30 09:52 - 2012-06-30 09:52 - 00780288 ____A (Chapley) C:\Users\Ghostshell\Desktop\TerrariForm(3).exe

    2012-06-30 08:59 - 2012-06-30 08:59 - 00780288 ____A (Chapley) C:\Users\Ghostshell\Downloads\TerrariForm(1).exe

    2012-06-30 08:58 - 2012-06-30 08:58 - 00780288 ____A (Chapley) C:\Users\Ghostshell\Downloads\TerrariForm(2).exe

    2012-06-30 08:53 - 2012-06-30 08:53 - 00373760 ____A (KryptoDEV) C:\Users\Ghostshell\Downloads\TerrariaInvEdit.3040.exe

    2012-06-29 12:37 - 2012-06-29 12:37 - 04425873 ____A C:\Users\Ghostshell\Downloads\PFCSetup.exe

    2012-06-28 22:28 - 2012-06-28 22:27 - 00000926 ____A C:\Users\Public\Desktop\LogMeIn Hamachi.lnk

    2012-06-28 21:05 - 2012-06-28 21:05 - 00000222 ____A C:\Users\Ghostshell\Desktop\Terraria.url

    2012-06-28 11:55 - 2012-06-28 11:55 - 00015079 ____A C:\Users\Ghostshell\Downloads\Tofootime's Epic Wizard DPS Calculator.xlsx

    2012-06-28 05:37 - 2012-06-28 05:37 - 00042496 ____A C:\Users\Ghostshell\Downloads\Wizard DPS Equivalence.xls

    2012-06-28 05:37 - 2012-06-28 05:37 - 00042496 ____A C:\Users\Ghostshell\Downloads\Wizard DPS Equivalence(1).xls

    2012-06-26 17:17 - 2012-06-26 17:17 - 00739808 ____A (Google Inc.) C:\Users\Ghostshell\Downloads\ChromeSetup.exe

    2012-06-04 09:43 - 2012-06-04 09:43 - 00336920 ____A (MurGee.com ) C:\Users\Ghostshell\Downloads\setup(3).exe

    2012-06-04 09:43 - 2012-06-04 09:43 - 00001142 ____A C:\Users\Public\Desktop\MurGee Auto Mouse Click.lnk

    2012-05-28 22:38 - 2012-05-28 22:38 - 04711248 ____A (Microsoft Corporation) C:\Users\Ghostshell\Downloads\vs_ultimateweb.exe

    2012-05-15 02:48 - 2012-07-16 12:49 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll

    2012-05-15 02:48 - 2012-07-16 12:49 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll

    2012-05-15 02:48 - 2012-07-16 12:49 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

    2012-05-15 02:48 - 2012-07-16 12:49 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll

    2012-05-15 02:48 - 2012-07-16 12:49 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

    2012-05-15 02:48 - 2012-07-16 12:49 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

    2012-05-15 02:48 - 2012-07-16 12:49 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys

    2012-05-15 02:48 - 2012-07-16 12:49 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll

    2012-05-15 02:48 - 2012-07-16 12:49 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll

    2012-05-15 02:48 - 2012-07-16 12:49 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

    2012-05-15 02:48 - 2012-07-16 12:49 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

    2012-05-15 02:48 - 2012-07-16 12:49 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll

    2012-05-15 02:48 - 2012-07-16 12:49 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll

    2012-05-15 02:48 - 2012-07-16 12:49 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll

    2012-05-15 02:48 - 2012-07-16 12:49 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

    2012-05-15 02:48 - 2012-07-16 12:49 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

    2012-05-15 02:48 - 2012-05-14 13:09 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

    2012-05-15 02:48 - 2012-05-14 13:09 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll

    2012-05-15 02:48 - 2012-05-14 13:09 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll

    2012-05-15 02:48 - 2012-05-14 13:09 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll

    2012-05-15 02:48 - 2012-05-14 13:09 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll

    2012-05-15 02:48 - 2012-05-14 13:09 - 00014324 ____A C:\Windows\System32\nvinfo.pb

    2012-05-15 01:29 - 2012-07-16 12:44 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll

    2012-05-15 01:29 - 2012-07-16 12:44 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll

    2012-05-15 01:29 - 2012-07-16 12:44 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

    2012-05-15 01:29 - 2012-07-16 12:44 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll

    2012-05-15 01:29 - 2012-07-16 12:44 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll

    2012-05-15 01:28 - 2012-07-16 12:44 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll

    2012-05-15 01:21 - 2012-05-15 01:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe

    2012-05-14 15:15 - 2012-05-14 15:14 - 101331032 ____A (NVIDIA Corporation) C:\Users\Ghostshell\Downloads\267.24_desktop_win7_winvista_32bit_english_beta.exe

    2012-05-14 13:07 - 2012-05-14 13:06 - 212446672 ____A (NVIDIA Corporation) C:\Users\Ghostshell\Downloads\296.10-notebook-win7-winvista-64bit-international-whql.exe

    ZeroAccess:

    C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}

    C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\@

    C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\L

    C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U

    C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\L\00000004.@

    C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\00000004.@

    C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\00000008.@

    C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\000000cb.@

    C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\80000000.@

    C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\80000032.@

    C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\80000064.@

    ZeroAccess:

    C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}

    C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\@

    C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\L

    C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\U

    C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\L\00000004.@

    C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\00000004.@

    C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\00000008.@

    C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\000000cb.@

    C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\80000000.@

    C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\80000032.@

    C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\80000064.@

    ZeroAccess:

    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:

    C:\Windows\assembly\GAC_64\Desktop.ini

    Type 00 partition infection:

    C:\Windows\svchost.exe

    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\SysWOW64\wininit.exe => MD5 is legit

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\SysWOW64\explorer.exe => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\SysWOW64\svchost.exe => MD5 is legit

    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

    C:\Windows\System32\User32.dll => MD5 is legit

    C:\Windows\SysWOW64\User32.dll => MD5 is legit

    C:\Windows\System32\userinit.exe => MD5 is legit

    C:\Windows\SysWOW64\userinit.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK

    HKLM\...\exefile\DefaultIcon: %1 => OK

    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 10%

    Total physical RAM: 8180.49 MB

    Available physical RAM: 7342.22 MB

    Total Pagefile: 8178.64 MB

    Available Pagefile: 7334.09 MB

    Total Virtual: 8192 MB

    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:232.79 GB) (Free:81.64 GB) NTFS

    3 Drive f: (KINGSTON) (Removable) (Total:1.86 GB) (Free:0.57 GB) FAT

    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt

    -------- ------------- ------- ------- --- ---

    Disk 0 Online 232 GB 0 B

    Disk 1 Online 1906 MB 0 B

    Partitions of Disk 0:

    ===============

    Partition ### Type Size Offset

    ------------- ---------------- ------- -------

    Partition 1 Primary 100 MB 1024 KB

    Partition 2 Primary 232 GB 101 MB

    ==================================================================================

    Disk: 0

    Partition 1

    Type : 07

    Hidden: No

    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0

    Partition 2

    Type : 07

    Hidden: No

    Active: No

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 2 C NTFS Partition 232 GB Healthy

    ==================================================================================

    Partitions of Disk 1:

    ===============

    Partition ### Type Size Offset

    ------------- ---------------- ------- -------

    Partition 1 Primary 1905 MB 16 KB

    ==================================================================================

    Disk: 1

    Partition 1

    Type : 0E

    Hidden: No

    Active: No

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 3 F KINGSTON FAT Removable 1905 MB Healthy

    ==================================================================================

    Last Boot: 2012-08-07 13:01

    ======================= End Of Log ==========================

    and the Search.txt

    Farbar Recovery Scan Tool Version: 09-08-2012

    Ran by SYSTEM at 2012-08-10 13:10:35

    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe

    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    C:\Windows\erdnt\cache64\services.exe

    [2012-07-17 20:49] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======

  13. Thank you so much for helping me out :)

    Here is the report

    =====================

    RogueKiller V7.6.6 [08/10/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User: Ghostshell [Admin rights]

    Mode: Scan -- Date: 08/10/2012 12:30:14

    ¤¤¤ Bad processes: 1 ¤¤¤

    [SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 2 ¤¤¤

    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    [ZeroAccess][FILE] @ : c:\windows\installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\@ --> FOUND

    [ZeroAccess][FOLDER] U : c:\windows\installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U --> FOUND

    [ZeroAccess][FOLDER] L : c:\windows\installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\L --> FOUND

    [ZeroAccess][FILE] @ : c:\users\ghostshell\appdata\local\{b0088f9a-acc5-2298-9acf-2528dd478996}\@ --> FOUND

    [ZeroAccess][FOLDER] U : c:\users\ghostshell\appdata\local\{b0088f9a-acc5-2298-9acf-2528dd478996}\U --> FOUND

    [ZeroAccess][FOLDER] L : c:\users\ghostshell\appdata\local\{b0088f9a-acc5-2298-9acf-2528dd478996}\L --> FOUND

    [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

    [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

    [Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9250410AS ATA Device +++++

    --- User ---

    [MBR] 478efe6c5c618819af8753cb9435931d

    [BSP] 7c235b53190a6021ae3d31243aeafecb : Windows 7 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo

    User = LL1 ... OK!

    User != LL2 ... KO!

    --- LL2 ---

    [MBR] c46d375b88798304d258979fb76d4845

    [BSP] 7c235b53190a6021ae3d31243aeafecb : Windows 7 MBR Code

    Partition table:

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo

    Finished : << RKreport[1].txt >>

    RKreport[1].txt

  14. Hello, recently I was infected with an scvhost and Adobe Flash Player virus. Under Task Manager I can see from 2-8 scvhosts running, and Adobe Flash Player constantly crashes and asks to try and update, which I always cancel. I cannot get rid of this virus myself; I appreciate any sort of assistance in cleaning up my system.

    Thank you. I have pasted the DDS log, attached the Attach log, and also a Malwarebytes log at the bottom.

    (PS: no matter how many times I run Malwarebytes, the rootkits/trojans keep showing up)

    DDS log

    ============

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31

    Run by Ghostshell at 12:05:25 on 2012-08-10

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8180.3951 [GMT -7:00]

    .

    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe

    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Program Files (x86)\Stardock\MyColors\WBVista.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

    C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

    C:\Windows\System32\spoolsv.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe

    C:\Program Files\Alienware\Command Center\AlienFusionService.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

    C:\Program Files (x86)\OSD\OSD_Service.exe

    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

    C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe

    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files\Alienware\Command Center\AlienFusionController.exe

    C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

    C:\Program Files\IDT\WDM\sttray64.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe

    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe

    C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\conhost.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    -netsvcs

    C:\Windows\system32\conhost.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Windows\system32\WLANExt.exe

    C:\Windows\system32\conhost.exe

    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\DllHost.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://isearch.avg.com/?cid={66452CD3-7FAD-429C-82D2-C6A90D55E54A}&mid=500452e994ba47d1b4dd787cac9f0712-48643e70690374b37bf2810e9fd57bd51de19c8a&lang=en&ds=ft011&pr=sa&d=2012-07-06 23:20:37&v=11.1.0.12&sap=hp

    uInternet Settings,ProxyOverride = *.local

    uURLSearchHooks: H - No File

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

    BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll

    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

    mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

    mRun: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"

    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

    mRun: [FAStartup]

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

    LSP: mswsock.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    TCP: DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A} : DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\2375942554632333 : DhcpNameServer = 192.168.1.254

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\2375942554638383 : DhcpNameServer = 192.168.1.254

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\4586560224164736166756 : DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\46C696E6B602231333 : DhcpNameServer = 128.54.16.2 132.239.0.252

    TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62

    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll

    LSA: Notification Packages = scecli FAPassSync

    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO-X64: AcroIEHelperStub - No File

    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

    BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll

    BHO-X64: SSOIEAddonBHO - No File

    BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

    mRun-x64: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

    mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"

    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

    mRun-x64: [FAStartup]

    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\

    FF - prefs.js: browser.startup.homepage - about:home

    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

    FF - plugin: C:\Users\Ghostshell\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

    FF - plugin: C:\Users\Ghostshell\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

    .

    ---- FIREFOX POLICIES ----

    FF - user.js: extensions.incredibar_i.newTab - false

    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8fAMlSQM&loc=IB_TB&i=26&search=

    FF - user.js: extensions.incredibar_i.id - 32b459e3000000000000c446192559ba

    FF - user.js: extensions.incredibar_i.hardId - 32b459e3000000000000c446192559ba

    FF - user.js: extensions.incredibar_i.instlDay - 15341

    FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27

    FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27

    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2721:50:50

    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

    FF - user.js: extensions.incredibar_i.prdct - incredibar

    FF - user.js: extensions.incredibar_i.aflt - orgnl

    FF - user.js: extensions.incredibar_i.smplGrp - none

    FF - user.js: extensions.incredibar_i.tlbrId - base

    FF - user.js: extensions.incredibar_i.instlRef -

    FF - user.js: extensions.incredibar_i.dfltLng -

    FF - user.js: extensions.incredibar_i.excTlbr - false

    FF - user.js: extensions.incredibar_i.ms_url_id -

    FF - user.js: extensions.incredibar_i.upn2 - 6R8fAMlSQM

    FF - user.js: extensions.incredibar_i.upn2n - 92823603489226040

    FF - user.js: extensions.incredibar_i.productid - 26

    FF - user.js: extensions.incredibar_i.installerproductid - 26

    FF - user.js: extensions.incredibar_i.did - 10589

    FF - user.js: extensions.incredibar_i.ppd -

    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2011-6-29 89600]

    R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]

    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]

    R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800]

    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]

    R2 HappyOSD;HappyOSD;C:\Program Files (x86)\OSD\OSD_Service.exe [2010-1-4 16384]

    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-16 1262400]

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

    R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]

    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

    R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]

    R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

    S3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys --> C:\Windows\system32\drivers\dadder.sys [?]

    S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]

    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]

    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]

    S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

    S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]

    S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]

    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]

    .

    =============== Created Last 30 ================

    .

    2012-08-10 00:19:55 20480 ------w- C:\Windows\svchost.exe

    2012-08-04 02:45:28 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\EBFC.tmp

    2012-08-04 02:45:28 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\EBFB.tmp

    2012-08-02 03:48:59 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4158.tmp

    2012-08-01 18:18:44 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-08-01 18:18:44 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-07-30 22:36:50 -------- d-----w- C:\Users\Ghostshell\AppData\Local\Macromedia

    2012-07-21 18:44:30 -------- d-----w- C:\Users\Ghostshell\AppData\Roaming\libimobiledevice

    2012-07-21 18:44:19 -------- d-----w- C:\Program Files (x86)\Tansee iPhone Transfer Contact

    2012-07-21 18:43:39 -------- d-----w- C:\Users\Ghostshell\AppData\Roaming\GetRightToGo

    2012-07-21 16:10:28 -------- d-----w- C:\Program Files\iPod

    2012-07-21 16:10:27 -------- d-----w- C:\Program Files\iTunes

    2012-07-21 16:10:27 -------- d-----w- C:\Program Files (x86)\iTunes

    2012-07-21 16:08:01 -------- d-----w- C:\Program Files\Bonjour

    2012-07-21 16:08:01 -------- d-----w- C:\Program Files (x86)\Bonjour

    2012-07-20 09:17:03 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\692D.tmp

    2012-07-19 04:54:25 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE

    2012-07-18 21:09:20 -------- d-----w- C:\Users\Ghostshell\AppData\Roaming\Clipdiary

    2012-07-18 06:03:09 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\C2B3.tmp

    2012-07-18 04:45:27 -------- d-----w- C:\$RECYCLE.BIN

    2012-07-18 04:22:32 -------- d-----w- C:\TDSSKiller_Quarantine

    2012-07-18 03:06:01 -------- d-----w- C:\Program Files (x86)\Diablo III

    2012-07-18 03:05:18 -------- d-----w- C:\ProgramData\Battle.net

    2012-07-16 20:44:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

    2012-07-16 20:44:47 63296 ----a-w- C:\Windows\System32\nvshext.dll

    2012-07-16 20:44:47 6151488 ----a-w- C:\Windows\System32\nvcpl.dll

    2012-07-16 20:44:47 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll

    2012-07-16 20:44:47 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll

    2012-07-16 20:44:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll

    2012-07-16 20:43:09 -------- d-----w- C:\ProgramData\NVIDIA Corporation

    2012-07-16 09:48:12 -------- d-----w- C:\Program Files (x86)\OApps

    2012-07-16 09:48:11 -------- d-----w- C:\Program Files (x86)\TorrentSearch

    2012-07-16 09:47:05 -------- d-----w- C:\Program Files (x86)\smartdl

    2012-07-13 20:07:47 978944 ----a-w- C:\Windows\System32\msvcp71.dll

    2012-07-13 20:07:47 520192 ----a-w- C:\Windows\System32\msvcr71.dll

    2012-07-13 20:07:47 403456 ----a-w- C:\Windows\System32\nvcpl.cpl

    2012-07-13 20:07:47 381952 ----a-w- C:\Windows\System32\nvexpBar.dll

    2012-07-13 20:07:47 372736 ----a-w- C:\Windows\System32\NVUNINST.EXE

    2012-07-13 20:07:47 2065920 ----a-w- C:\Windows\System32\nvcplUI.exe

    2012-07-13 20:07:47 1524736 ----a-w- C:\Windows\System32\MFC71.dll

    2012-07-13 20:07:47 1064448 ----a-w- C:\Windows\System32\nvcplUIR.dll

    2012-07-13 20:07:28 -------- d-----w- C:\Users\Ghostshell\AppData\Local\NVIDIA Corporation

    2012-07-13 20:05:56 -------- d-----w- C:\Program Files (x86)\NVIDIA nTune Performance Application

    2012-07-12 19:53:00 31040 ----a-w- C:\Windows\System32\nvhdap64.dll

    2012-07-12 19:53:00 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

    .

    ==================== Find3M ====================

    .

    2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-05-15 09:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

    .

    ============= FINISH: 12:06:54.26 ===============

    =======

    Malwarebytes Anti-Malware 1.62.0.1300

    www.malwarebytes.org

    Database version: v2012.08.07.05

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 8.0.7601.17514

    Ghostshell :: GHOSTSHELL-PC [administrator]

    8/10/2012 12:15:01 PM

    mbam-log-2012-08-10 (12-15-01).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 245559

    Time elapsed: 5 minute(s), 40 second(s)

    Memory Processes Detected: 1

    C:\Windows\svchost.exe (Trojan.Agent) -> 1852 -> Delete on reboot.

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 4

    C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

    C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

    C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)

    Attach.txt
